Why OCVS?

Oracle Cloud VMware Solution

Oracle announced general availability of the Oracle Cloud VMware Solution in August 2020.

Oracle Cloud VMware Solution, or OCVS, is an integrated solution developed from a partnership between Oracle and VMware. The solution enables you to run a VMware software-defined data center natively hosted on Oracle Cloud Infrastructure.

Oracle and VMware have partnered not just in developing the solution, but also in providing the required technical support at different tier levels. There is also a wide range of capabilities, such as native integration with Oracle Cloud services, and other use cases such as databases and applications deployed on top of the VMware SDDC to take advantage of its benefits.

Let's look at what a Software Defined Data Center is. There are primarily three building blocks that form a physical data center: compute, meaning the servers; storage, for storing your data; and networks, meaning your switching, routing, security, etc.

In most cases the compute servers run a hypervisor, which means you can run several virtual machines and overcome the limitations of a single physical server. SDDC is a concept that extends this virtualization to all other resources in a data center. Whether it is your storage array or your network, everything is fully software defined, which turns the data center into an abstraction layer over its resources.

Together these form a platform of multiple virtual data centers delivered as a service. Resources in an SDDC are shared between the application workloads, which means you have better control over the allocation and consumption of resources. There is no longer a one-to-one dependency on a physical resource.

This pooling allows you to oversubscribe, which means you can allocate a resource several times beyond its physical size. SDDC capitalizes on agility, elasticity, and scalability. One of the top advantages of being software defined is automation.

For example, this could be automating key functions like creating a compute resource, or operational management like monitoring the usage of a resource and taking an appropriate action, such as adding or deleting a resource, all in an automated way.

SDDC provides a high degree of flexibility. Because the workloads operate independently of the hardware, you can deliver an SDDC on a flexible mix of private and hybrid clouds like OCVS. Because there is no interdependency, the environment is portable and can seamlessly integrate new applications, which makes SDDC a modernized platform.

VMware Cloud Foundation, or VCF, is the industry-leading product from VMware that incorporates compute, storage, and networking and delivers a highly reliable, scalable SDDC platform.

Oracle Cloud VMware Solution is based on the core components of VMware Cloud Foundation: vSphere, NSX, and vSAN. There is a wide range of features you gain with this integration, such as optimizing your east-west traffic, load balancing your workloads, or storage services like RAID protection, deduplication, compression, etc.

Let's look at the VMware software editions used in the solution. Together, these software products provide a proven, certified architecture for SDDC deployment. The product stack includes vSphere Enterprise Plus. The versions are interoperable between products, and you can choose to deploy the latest 7.0 Update 2, or the 6.7 or 6.5 Update 3 versions.

NSX-T Enterprise Plus version 3.1.2 and vSAN are also part of the deployment. vSAN is not a separate appliance, so the vSAN version is tied to the version of vSphere deployed.

HCX is one of the key products that brings the service into a true hybrid cloud model. There are two license editions for HCX, Advanced and Enterprise. HCX Advanced is the free edition included when enabling the service, and Enterprise is an upgrade.

The bare metal servers used are Dense IO 2.52 shapes, a high-performance compute configuration. For production purposes a minimum of three nodes is required. This cluster gives you a total of 156 OCPUs, approximately 2 terabytes of memory, and 153 terabytes of NVMe SSD drives for the vSAN datastore. Finally, you always have the option to add more nodes to the cluster.

Now the VMware product overview. Let's start with vSphere, the hypervisor layer. vSphere is a distributed software system whose features are enabled by the ESXi hypervisors and the vCenter management server working together.

vSphere separates the virtual machine from the hardware by presenting a complete x86 platform to the virtual machine's guest operating system.

A vSphere cluster is a group of ESXi nodes that partitions and aggregates compute resources in a distributed manner. For example, the distributed virtual switch is a logical switch created using the network adapters and uplinks from all the ESXi hosts to maintain a consistent network configuration.

The VMs deployed in a cluster share resources like CPU, memory, datastore, and network. At the same time, vSphere has intelligent resource management techniques to reclaim resources and provide them to the VMs that need them.

There are two primary features of a vSphere cluster: High Availability, or HA, and Distributed Resource Scheduler, or DRS.

vSphere HA provides high availability for virtual machines within the cluster. If a host within the cluster fails, the VMs residing on that host are restarted on another host in the same cluster.

vSphere DRS is a distributed resource scheduling mechanism that spreads virtual machine workloads across vSphere hosts and monitors the available resources. Based on the automation level, VMs can be live migrated manually or automatically to other hosts that have lower resource consumption.

vMotion is the live migration of a running virtual machine from one physical server to another without any downtime. The virtual machine retains its network identity and connections.

With Storage vMotion you can migrate a virtual machine's disk files from one datastore to another while the virtual machine is running.

In Oracle Cloud VMware Solution the minimum number of hosts required is 3 and the maximum is 64 for production purposes.

If you are using vSphere 7.0 Update 2 or newer, a new feature called vSphere Cluster Services, or vCLS, is introduced. vCLS is enabled by default and runs on all vSphere clusters.

vCLS ensures that if vCenter becomes unavailable, cluster services like DRS and HA remain available to maintain the resources and health of the workloads running in those clusters.

vCLS uses agent virtual machines to maintain the health of the cluster services. The vCLS agent virtual machines, or vCLS VMs, are created when you provision the SDDC stack.

Three vCLS VMs are deployed and are required to run on each vSphere cluster.

In a DRS-enabled cluster, vSphere DRS depends on the availability of at least one vCLS VM. Unlike your application VMs, vCLS VMs should be treated as system VMs. This means it is highly recommended not to perform any operations on these VMs unless the operation is explicitly listed as supported.

vSAN is the hyper-converged storage part of the solution. Hyper-converged here means high-performance NVMe all-flash drives attached directly to the bare metal compute, and that becomes the primary storage for your VMs. With a software-defined approach, you can pool these direct-attached devices across the vSphere cluster to create a distributed shared datastore for the VMs. A VM is a set of objects, and vSAN is the object store for those objects and their components.

vSAN uses a construct called disk groups and manages the devices in two different tiers, the capacity tier and the cache tier.

The capacity tier is used as the persistent storage for the VMs and is also used for read caching. The cache tier in this all-flash architecture is dedicated to write buffering. The write buffer absorbs the highest rate of write operations directly in the cache tier, while a much smaller stream of data is written through to the capacity tier.

This two-tier design gives great performance to the VMs while ensuring data is written to the devices as efficiently as possible. vSAN implements a concept of fault domains. This is different from the Oracle Cloud Infrastructure fault domain: a vSAN fault domain groups multiple hosts into a logical boundary.

Fault domains ensure there are at least two replica copies of the storage objects, distributed across the domains. vSAN storage policies determine the high availability of individual VMs. You can configure different policies to set the number of host and device failures a VM can tolerate. FTT stands for failures to tolerate: with FTT equal to one, the cluster can accommodate one node failure and the VMs still remain functional. FTM stands for failure tolerance method, and we use FTM RAID-1, which means a replica of each object is always maintained.

The witness node is a dedicated host used for monitoring the availability of an object. When we have at least two replicas of an object, a real failure could cause the application's data object to be active in both vSAN fault domains at once. This can be disastrous for any application, so to avoid a split-brain condition a vSAN witness node is configured. This node is not meant for deploying VMs; it stores only metadata, meaning it is dedicated exclusively to the witness components and to determining the actual failure.

NSX-T is the software-defined networking and security product that is part of OCVS. It is heterogeneous, which means NSX-T can be deployed not just for vSphere but also for your multi-cloud environment. It can extend its features to multiple hypervisors, bare metal servers, containers, and cloud-native application frameworks.

Some of the common network and security services are firewalling at the edge appliance, load balancing for your workload VMs, distributed and logical routing and switching, NAT for external inbound and outbound access, and VPN tunnels for connecting between environments.

One of the top use cases is automation: NSX-T offers REST APIs with JSON and supports scripting of operational tasks. It is also compatible with Terraform and OpenStack Heat orchestration for provisioning purposes. With all these capabilities and its software-defined approach, NSX-T will feel very familiar if you know OCI's Virtual Cloud Network.

Let's look at some of the components of NSX-T and its logical constructs. NSX-T works by implementing three integrated planes: management, control, and data.

These three planes are implemented as a set of processes, modules, and agents residing on three different types of nodes: manager, controller, and transport nodes.

NSX-T manager nodes host the API services. They also provide a graphical user interface and a REST API for creating, configuring, and monitoring NSX-T Data Center components.

NSX-T controller nodes host the central control plane cluster services.

Transport nodes are responsible for stateless forwarding of packets based on tables populated by the control plane.

A transport zone is a container that defines the potential reach of transport nodes. Transport nodes are classified into host nodes and edge nodes.

Host transport nodes are ESXi hosts that participate in the zone, and edge transport nodes run the control plane daemons and forwarding engines that implement the NSX-T data plane.

There are primarily two types of gateways you can configure for virtual machine communication. The Tier-0 gateway processes traffic between the logical and physical networks, also called north-south traffic.

The Tier-1 gateway is for east-west traffic, the VM-to-VM traffic within the same infrastructure.

To enable access between your VMs and the outside world, you can configure an external or internal BGP peering between a Tier-0 gateway and a router in your physical infrastructure.

Remember that when configuring BGP, you must configure a local and a remote autonomous system (AS) number for your Tier-0 gateway.

OSPF is an interior gateway protocol that can be configured on a Tier-0 gateway and operates within a single autonomous system.

Segments are virtual layer 2 domains. There are two types of segments in NSX-T: VLAN-backed segments and overlay-backed segments.

A VLAN-backed segment is a layer 2 broadcast domain implemented as a traditional VLAN in the physical infrastructure.

This means that traffic between two VMs on different hosts, attached to the same VLAN segment, is carried over a VLAN between the two hosts.

In an overlay-backed segment, two VMs on different hosts attached to the same overlay segment have their layer 2 traffic carried by a tunnel between the hosts.

Geneve is the network encapsulation protocol used for these tunnels. It creates layer 2 logical networks encapsulated in UDP packets, providing the overlay capability by creating isolated, multi-tenant broadcast domains across the data center fabric.
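Because overlay segments ride on Geneve tunnels, anyone capturing host-to-host traffic on UDP port 6081 sees only the outer header unless the encapsulation is decoded. The following Python is an added example, not code from the original post or from VMware: it builds and parses a Geneve header as defined in RFC 8926 (the VNI, the option class 0xFF00 from the experimental range, and the inner frame are constructed sample values).

```python
import struct

GENEVE_UDP_PORT = 6081   # IANA port for Geneve (RFC 8926); NSX-T tunnels use it
ETH_P_TEB = 0x6558       # protocol type: the inner payload is an Ethernet frame

def parse_geneve(payload: bytes) -> dict:
    """Decode the Geneve header in a UDP payload: version, 24-bit VNI, inner
    protocol, O/C flags, (class, type, critical, data) options and inner frame."""
    if len(payload) < 8:
        raise ValueError("Geneve header truncated")
    b0, b1, proto, vni_rsvd = struct.unpack("!BBHI", payload[:8])
    if b0 >> 6 != 0:
        raise ValueError(f"unsupported Geneve version {b0 >> 6}")
    end = 8 + (b0 & 0x3F) * 4            # option area length is in 4-byte units
    if len(payload) < end:
        raise ValueError("Geneve options truncated")
    options, pos = [], 8
    while pos < end:
        cls, typ, len_byte = struct.unpack("!HBB", payload[pos:pos + 4])
        data_len = (len_byte & 0x1F) * 4  # low 5 bits, again in 4-byte units
        if pos + 4 + data_len > end:
            raise ValueError("Geneve option overruns option area")
        # the high bit of the type marks a critical option the receiver must understand
        options.append((cls, typ & 0x7F, bool(typ & 0x80), payload[pos + 4:pos + 4 + data_len]))
        pos += 4 + data_len
    return {"version": 0, "vni": vni_rsvd >> 8, "protocol": proto,
            "oam": bool(b1 & 0x80), "critical": bool(b1 & 0x40),
            "options": options, "inner": payload[end:]}

def build_geneve(vni: int, inner: bytes, options=()) -> bytes:
    """Encapsulate an inner Ethernet frame; options are (class, type, data) tuples."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    opts = b""
    for cls, typ, data in options:
        if len(data) % 4:
            raise ValueError("option data must be a multiple of 4 bytes")
        opts += struct.pack("!HBB", cls, typ, len(data) // 4) + data
    c_flag = 0x40 if any(typ & 0x80 for _, typ, _ in options) else 0
    return struct.pack("!BBHI", len(opts) // 4, c_flag, ETH_P_TEB, vni << 8) + opts + inner

# Constructed sample (not a capture): a 14-byte Ethernet header plus filler, wrapped
# in VNI 0xABCD with one 4-byte option in the experimental class range 0xFF00-0xFFFF.
SAMPLE_INNER = bytes.fromhex("001122334455" "00aabbccddee" "0800") + b"\x00" * 20
SAMPLE_PACKET = build_geneve(0xABCD, SAMPLE_INNER, [(0xFF00, 0x01, b"\x00\x00\x00\x2a")])

if __name__ == "__main__":
    hdr = parse_geneve(SAMPLE_PACKET)
    print(f"VNI {hdr['vni']:#x} proto {hdr['protocol']:#06x} options {hdr['options']}")
```

Feeding real captures through parse_geneve lets you attribute a flow to its VNI (and hence its NSX-T segment) before looking at the inner frame.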

HCX, or Hybrid Cloud Extension, is an application mobility platform that simplifies the migration and rebalancing of application workloads and helps you achieve business continuity between an on-premises environment and Oracle Cloud VMware Solution.

The HCX Advanced edition can be enabled as part of your OCVS deployment and has a wide range of features. Network extension with hybrid connect is the top feature of HCX. It allows layer 2 networks, like VLANs in your data center, to be extended to the OCVS environment.

Cross-cloud connectivity is another feature. You can do a site pairing and create a secure channel between the environments.

WAN optimization is a feature that optimizes your network traffic with deduplication, compression, and line conditioning.

If you run a legacy vSphere version, HCX can be used to migrate your workloads to a newer vSphere version. One of the key features of HCX is cloud-to-cloud migration.

There are different migration types: online, live, or offline migration. HCX also supports disaster recovery features.

HCX Enterprise is a paid upgrade option with additional features. One of these is migration from a non-vSphere-based environment to vSphere.

Large-scale bulk migration is supported through this edition.

You can extend the disaster recovery features with VMware SRM, the Site Recovery Manager product, which helps you orchestrate DR workflows.

Traffic engineering allows you to optimize the resiliency of your network paths and use them more efficiently.

Mobility groups let you structure your migration waves based on the functionality of your application networks, without any service disruption.

Finally, mobility optimized networking ensures that traffic between environments uses an optimal path while the flow remains symmetric.
