Oh no, sysadmins! VMware touts data centre that runs itself
Storage bods, your time is up
Now that vCloud Suite 5.1 has arrived, VMware is pushing a new term: the software-defined data centre (SDD). It's easy at first to dismiss this as merely another marketing buzzword, meaningless PR babble like "cloud" or "synergy". If you poke your head behind the curtain, you'll find there's good reason for this newest bit of jargon.
When the majority of our industry's professionals think of the word "virtualization", the very first vendor that comes to mind is VMware. Microsoft is next, usually attached to "I wonder if they can do XYZ yet", and Citrix is "the other guy". Red Hat and a few others are playing the game, but they can safely be discussed in the same breath as Apple's enterprise desktop market share.
When someone says "cloud", the tech industry says "Amazon". Google and Microsoft are players, but VMware quite distinctly is not. The marketing motivations for introducing the SDD concept are thus very straightforward. VMware owns "virtualization", it doesn't own "cloud", and clouds (public, private and hybrid) are the future.
Even if VMware's marketing folks felt that they could carve out a name for VMware in the "cloud" mind space, there aren't a whole lot of good reasons to even try. The term cloud is so muddled and overused that its usefulness in a technology discussion is questionable at best.
Toxic clouds sent VMware back to the drawing board
If "cloud" is now toxic, tainted by the sheer scope of what it was expanded to encompass, SDD is about getting specific while marrying a critical bit of IT theory to VMware as tightly as possible. SDD is more than simply a logical wrapper around hosts and virtual machines. Building on the elastic virtual data centre concept from vCloud Director, SDD lays claim to areas traditionally "out of bounds" for VMware.
SDD hangs off the new features – and the new web client – that have come out with vCloud Suite 5.1. The short version of what SDD means for systems administrators is: everything is logical, nothing is physical and the hierarchical model of data centre visualization and design is dead.
The traditional way of thinking about things is very tied to the hardware. If I provisioned a VM then I had to decide which server would host it, which LUN on which SAN would be best for storage, configure networking, firewall, IDS and so forth. At best, I could create the VM in a pool that allowed me to roughly categorize my VMs by workload, department or so forth. Depending on how I organized things, chargeback could be a mess and I'd still have to keep a watchful eye on everything.
Lighting up a virtual machine has never really been much of a time saver: we can image a physical system in about the same period of time, especially now that the market is flooded with competitors to Symantec's Ghost. The hard part of getting a new system going has always been the politics: prying a few gigs out of the priestly hands of the storage admins, getting the network admins to do their job, and explaining in triplicate to the security staff exactly why yet another system needs to send packets through their devices.
vCloud Suite aims to remove these roadblocks. Remember when virtualization became "a thing", and the traditional generalist systems administration jobs started to dry up? Network and security admins: it's survival of the fittest time. Storage admins: you're next.
Go with the flow, the OpenFlow
With vCloud Suite, VMware has taken a cue from software-defined networking projects such as OpenFlow. Network and security configs, storage – and eventually more – now all live with the virtual machine's config. More to the point, the configs travel with the VM when it moves from host to host, or data centre to data centre. Everything is based on classes and tiers; VMs can belong to various classes which define the tiers of storage, details of networking, security and so forth.
Network, security and storage administration is now only required during the design phase of a data centre lifecycle. Securing and segmenting can be applied to entire classes and tiers; the virtualization admins can take it from there.
In making this utopia a reality, it's the little things that matter, like the ability to add noncontiguous blocks of IP addresses to an organization. This whole SDD thing has been thought through enough to not require redoing your entire infrastructure every time you change something. SDD makes true multitenant environments feasible. Organizations grow and shrink all the time, requiring and releasing resources in a way that doesn't fit into neat org charts or plans.
Start building a virty centre from scratch with vCloud Suite 5.1
Some networks can cross virtual data centres. Others are completely segregated; it is up to you to make the definition. Enabling this in a secure fashion is a major part of the vCloud Suite upgrade. The VMware vShield Edge Gateway gets a new name to go with the upgrade; it is now the VMware vCloud Networking and Security (VCNS) Gateway. It is highly available and bristling with sexy new features.
The end result is that you can create multiple logical data centres in your single physical building. Each virtual centre has its own networking rules, security rules, tiers of storage and each can be kept securely isolated from the other. The last is a tough pill for many to swallow; VMware honestly believes in the security of its software. The push is on to educate us about the air gap myth. A virtual data centre can be – and is – as secure as physically air-gapped data centres. Security that is, of course, combined with the efficiency advantages inherent in multitenant service provider environments.
VMware's software has been altered to reflect the new paradigm. The old hierarchical views are still around; you can still double click on a host and see the VMs it is serving up. This is historical, however, and this hierarchical view will be going away in the future.
Instead, VMware wants you to take an object-based view of your IT world. How many data centres do you run? How many physical clusters? How many VMs? What class of network are they on, and what are the security constraints? Where does that network go, and which vSwitches does it intersect with?
In this brave new world, the hierarchical model doesn't make much sense. You can completely isolate one virtual data centre from another, or you can connect them. You can spawn load balancer, firewall and IDS rules at various levels and even move VMs between virtual data centres. Your data centre can be on one host or many; span dozens of networks and clusters or collapse into just one.
SDD is a marketing move. Far from the typical cynical rebranding, however, it is a logical, legitimate description of an emerging concept in data centre design. It's Infrastructure-as-a-Service++; all of a data centre's infrastructure, not just the virtualization stack. Virtualization changed how we thought about provisioning servers. Over time, SDD may just change how we think about provisioning IT as a whole. ®