Does MS Private Cloud Provide What I Need?

Private cloud is coming to the Microsoft System Center 2012 product family, but users will soon discover that deploying a private cloud with SCVMM lacks good network infrastructure support. For private cloud service providers, this will be a huge blocker to wide deployment of private clouds on SC 2012.

According to the MS SCVMM documentation, the definition of a logical network is:

“Logical Networks

A logical network together with one or more associated network sites is a user-defined named grouping of IP subnets, VLANs, or IP subnet/VLAN pairs that is used to organize and simplify network assignments. Some possible examples include BACKEND, FRONTEND, LAB, MANAGEMENT and BACKUP. Logical networks represent an abstraction of the underlying physical network infrastructure which enables you to model the network based on business needs and connectivity properties. After a logical network is created, it can be used to specify the network on which a host or a virtual machine (stand-alone or part of a service) is deployed. Users can assign logical networks as part of virtual machine and service creation without having to understand the network details.

You can use logical networks to describe networks with different purposes, for traffic isolation and to provision networks for different types of service-level agreements (SLAs). For example, for a tiered application, you may group IP subnets and VLANs that are used for the front-end Web tier as the FRONTEND logical network. For the IP subnets and VLANs that are used for backend servers such as the application and database servers, you may group them as BACKEND. When a self-service user models the application as a service, they can easily pick the logical network for virtual machines in each tier of the service to connect to.”

Although this definition is true and honored by SCVMM when deploying a service to host groups, it is not quite true when deploying a service to private clouds. Private clouds in SCVMM lack support for “model the network based on business needs and connectivity properties”. The steps below show how private clouds don’t fully support the logical networks concept.

A private cloud in SCVMM honors the logical network definition, but it gives private cloud consumers no control over networking when deploying a service to the private cloud, neither in the SCVMM console nor in the App Controller web interface.

Only flat logical networks or fully routed VLANs (no firewall) can be used when deploying service templates to a private cloud. In my opinion this will be a huge blocker to deploying private cloud solutions with SCVMM, as many Hyper-V hosts will be equipped with trunked network adapters on 10 GB Ethernet links that are shared in multi-tenant scenarios but still need network traffic isolation and have security separation requirements.

Consider a multi-tier service deployed to a private cloud, where security considerations require each tier to sit in a separate zone and each VLAN is separated from the others by firewall rules. This type of service will fail to deploy, as SCVMM picks VLANs automatically and places VMs in the wrong VLAN.

The fact that a private cloud consumer has no control over network assignment during service template deployment will make adopting private cloud a less desirable solution for consumers.

Also, deploying a service template to an SCVMM host group and to an MS private cloud does not follow a consistent deployment methodology across SCVMM.

You can reproduce this by creating a simple multi-tier service template and deploying it first to a host group and then to a private cloud. Consider the following case:

Let’s say I have a Hyper-V host with a trunk port that carries 3 VLANs: 40, 60 and 200.

VLAN 40 (represents the Internet DMZ zone)

VLAN 60 (represents the Application DMZ zone)

VLAN 200 (internal network)

Each VLAN has an IP pool.

Business needs:

I want to create a 2-tier service template that contains 2 VMs: one will be a web server located in the Internet DMZ zone (VLAN 40), and the other will be in the Application zone (VLAN 60).

After the service template is created, during the service deployment phase the user can select which IP pool each machine belongs to, and hence which VLAN the VM is placed in.

When deploying the service template to a host group:

I can open the properties of each VM tier and select the corresponding IP pool and VLAN configuration, and the VMs get deployed to the correct VLAN.

Deploying the service template to a cloud:

Now I have created a private cloud on the same Hyper-V host, using the same logical networks. The private cloud can only be assigned whole logical networks, with no further control. Users will not know which network or VLAN their virtual machines have been assigned to.

When deploying the same service template to the cloud, the user can’t select the IP pool for a VM tier.

In the deployment configuration workspace, users don’t have the option to select an IP pool per VM.

SCVMM will select a random VLAN for each VM, which does not satisfy the deployment business requirement for this service.
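A post-deployment check for the scenario above, as an added example (not from the original post and not Microsoft's code): it compares each VM's actual VLAN and IP address against the zone its tier requires and lists the misplaced VMs. The VLAN IDs are the ones used in this article; the VM names, tier names, subnets and inventory rows are constructed, and in a live environment the rows would be collected with the VMM cmdlets `Get-SCVirtualMachine` and `Get-SCVirtualNetworkAdapter`.

```powershell
# Required zone per service tier (VLAN IDs from the article; subnets are constructed).
$Policy = @{
    'Web' = @{ Vlan = 40; Subnet = '10.0.40.0/24' }   # Internet DMZ
    'App' = @{ Vlan = 60; Subnet = '10.0.60.0/24' }   # Application DMZ
}

# Constructed inventory of a service after deployment to the private cloud.
$Inventory = @(
    [pscustomobject]@{ VM = 'svc1-web01'; Tier = 'Web'; Vlan = 40;  IP = '10.0.40.11' }
    [pscustomobject]@{ VM = 'svc1-app01'; Tier = 'App'; Vlan = 200; IP = '10.0.200.15' }
    [pscustomobject]@{ VM = 'svc1-app02'; Tier = 'App'; Vlan = 60;  IP = '10.0.40.12' }
    [pscustomobject]@{ VM = 'svc1-db01';  Tier = 'DB';  Vlan = 200; IP = '10.0.200.16' }
)

# True when an IPv4 address falls inside a CIDR block (octet-wise mask compare).
function Test-InSubnet ([string]$Ip, [string]$Cidr) {
    $net, $len = $Cidr -split '/'
    $ipBytes  = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    $netBytes = [System.Net.IPAddress]::Parse($net).GetAddressBytes()
    for ($i = 0; $i -lt 4; $i++) {
        # Prefix bits that fall in this octet (0..8), then the matching mask byte.
        $bits = [math]::Min(8, [math]::Max(0, [int]$len - 8 * $i))
        $mask = 256 - [int][math]::Pow(2, 8 - $bits)
        if (($ipBytes[$i] -band $mask) -ne ($netBytes[$i] -band $mask)) { return $false }
    }
    return $true
}

# Emits one object per VM whose placement breaks the tier-to-zone policy.
function Get-PlacementViolation ($Inventory, $Policy) {
    foreach ($row in $Inventory) {
        $want = $Policy[$row.Tier]
        if (-not $want) { $reason = 'tier has no zone policy' }
        elseif ($row.Vlan -ne $want.Vlan) { $reason = "VLAN $($row.Vlan), expected $($want.Vlan)" }
        elseif (-not (Test-InSubnet $row.IP $want.Subnet)) { $reason = "IP outside $($want.Subnet)" }
        else { continue }   # VM sits in the zone its tier requires
        [pscustomobject]@{ VM = $row.VM; Tier = $row.Tier; Reason = $reason }
    }
}

Get-PlacementViolation $Inventory $Policy | Format-Table -AutoSize
```

Running a check like this after every cloud deployment catches a tier that landed behind the wrong firewall boundary before the service goes live.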

About Hikmat Kanaan

I’m a big fan of technology; I have worked with almost every MS Windows OS up to Windows 8 and Server 2012, including OS deployment, AD and almost every MS OS service, including major MS products ISA, TMS, Exchange, System Center, SharePoint, SQL, storage systems, networking, security, Cisco, HP, and Checkpoint products. Designing and architecting IT solutions and infrastructure. I do admire automation and working based on best practices toward building highly reliable solutions that provide the required services to the business. I also run the Jordan IT professionals user group http://www.jitpros.net

3 Responses to does MS Private Cloud Provide what I need ?

  1. Michael says:

    Did you ever happen to find a satisfactory work around for this problem?

    • Hi, the quick answer is NO.
      But using SCVMM 2012 SP1 and Windows 2012 this problem was solved using the new VM network configuration. I will soon post a series of articles that discuss the advanced networking options in Windows 2012 and SCVMM 2012 SP1 that include a solution to this issue.
