During the recently ended VMworld conference (see virtualization.info live coverage), VMware announced a remarkable number of new products. One of them is the long, long awaited vCloud Director 1.0 (formerly vCloud Service Director, and before that Project Redwood).
vCloud Director 1.0 (build 285979) is a management platform for Infrastructure-as-a-Service (IaaS) clouds powered by VMware vSphere 4.1. It should not be confused with the vCloud Express platform that just four hosting providers worldwide adopted and offered in the last few months as part of a large beta program.
This first release of the product introduces a number of basic capabilities expected in this class of solutions, like:
- Self-service provisioning portal
- Content catalog (virtual machines and templates library) with customization on provisioning
- Resource pooling
- Resource monitoring, reporting and billing
- Role-based user access (RBAC)
- Service Level Agreements enforcement
Each vCloud Director can scale up to 25 managed vCenter Servers, and up to 10,000 virtual machines in total.
Of course, compared to vCenter, vCloud Director introduces additional levels of abstraction. A key new object is the virtual Data Center (vDC), which allows vSphere to be used for multi-tenancy deployments.
There are two kinds of vDCs: Provider vDCs and Organization vDCs. The difference between the two is that the former is a logical object that allows customers to define Service Level Agreements (SLAs) and cost models (Pay per VM, Reservation Pool and Allocation Pool) for all the physical resources available, while the latter is a logical container for vApps, which can have independent users, resource policies (leases, quotas and limits) and content catalogs.
Quite shockingly, VMware only offers six user roles for each Organization vDC: Organization Administrator, Catalog Author, vApp Author, vApp User and Console Access Only.
This definitely doesn’t satisfy the need for granular security permissions in a complex cloud environment like the vCloud one. VMware’s partners like HyTrust are already working on solutions to fill this gap, but this basically means yet another component for customers to buy, deploy and manage.
By default, vCloud Director ships with six user roles for each Organization vDC: Organization Administrator, Catalog Author, vApp Author, vApp User and Console Access Only. Customers are able to define custom roles thanks to a number of specific permissions offered by the product.
The vApp is a concept that VMware introduced two years ago, as an evolution of the virtual appliance (VA).
A vApp uses the now standard OVF format to package together multiple virtual machines, the virtual network topology, and even a specific SLA. An organization can either create or import vApps and deploy them in the Organization vDC.
Quite interestingly, a single customer can own multiple Organization vDCs and have them served by different Provider vDCs. This allows different departments in the same company to use different SLAs for their vApps.
Another new level of abstraction is related to the network. Multi-tenancy clouds require isolation at the network level too.
vCloud Director allows the creation of “super virtual networks”, simply called External Networks, that span multiple vCenter servers, allowing the vApps to communicate outside their Organization vDCs.
At the same time, the product allows the creation of Internal Networks, which permit communication between multiple vApp containers.
Besides External and Internal Networks, vCloud Director can aggregate all available network links at the vCenter level into Network Pools, which can be linked to specific vApps during the provisioning phase. Network Pools enforce isolation through three different technologies: VLANs, network fencing and portgroups.
VMware allows the whole vCloud Director environment to be abstracted further by aggregating multiple instances into so-called vCloud Director Clusters.
VMware is selling vCloud Director as the product of choice for both public and private cloud computing. A key capability for both (mandatory in public clouds but just optional in private ones) is metering and billing. vCloud Director doesn’t have this natively but VMware integrated it with vCenter Chargeback.
The two products are reportedly bundled together and sold with per-VM licensing.
Another key component of cloud computing is tenancy isolation. VMware is enforcing this through a new security product called vShield Edge. The security technology offered so far, vShield Zones, acquired in October 2008 from Blue Lane Technologies, wasn’t deployable at the perimeter of the virtual data center. This new product is, and its purpose is to filter traffic to/from each vDC in the VMware vCloud.
Like vCenter Chargeback, vShield Edge is also sold in a bundle with vCloud Director.
A point that is very important to clarify is that the VMware security management console, vShield Manager, is a mandatory component of the vCloud but has dedicated licensing.
Last but not least, the fundamental part of cloud computing management platforms is the self-service provisioning portal, which also introduces the concept of a content catalog.
The resources available through the self-service provisioning portal are Compute (virtualization hosts and resource pools at the vCenter level), Network (vNetwork Distributed Switches and/or portgroups at the vCenter and ESX level) and Storage (VMFS datastore and NFS network shares at the ESX level).
It is possible to have multiple content catalogs, and each one can contain pre-defined vApps and other media (CD and floppy images) that users can request to deploy.
vCloud Director doesn’t allow contents from managed vCenters to be used directly. Administrators have to copy them into the product catalogs first and then make them available to the self-service portal users.
Along with vCloud Director 1.0, VMware also released the vCloud API 1.0 specifications. Once cloud providers start adopting them, it will be possible to leverage the interface to create complex hybrid cloud architectures.
The vCloud API can be further leveraged through vCenter Orchestrator, the orchestration framework that VMware acquired from Dunes Technologies in September 2007 and that is available for free as part of vCenter Server in several vSphere editions.
An interesting point is that the product has been developed for Linux platforms, rather than for Windows like vCenter Server.
It includes a long list of open source components, released by VMware under multiple licenses: BSD/MIT, Apache 2.0, CDDL 1.0, EPL 1.0, LGPL 2.1 and 3.0.
These components include the Spring framework, acquired from SpringSource in August 2009.
During the VMworld opening keynote, VMware clarified its vision and strategy to deliver IaaS, PaaS and SaaS cloud computing as part of a single stack, but the integration still seems far away. It’s unclear why Spring is already shipped with vCloud Director.