Software-Defined Architectures That Deliver Impact Today
A software-defined architecture leverages logical infrastructure services that
are abstracted from, as opposed to integrated with, the underlying hardware.
Several of today’s largest technology companies in the Internet and social
network space leverage this approach to drive aggressive cost savings and
improve manageability for certain types of workloads. These hyperscale
architectures use commodity hardware components, which are then combined with
proprietary technologies such as custom applications, platforms, and
containers. The final service, for example, social media and proprietary
public cloud service, is then provided to customers.
However, for the SDDC to be most
applicable to enterprises, it must meet four key requirements—key pillars of
the VMware architecture for the SDDC: First, it must run traditional
applications, without re-architecting them, in addition to cloud-native
applications. Second, it must enable IT organizations to build on their
existing skills in running virtualized IT environments, while providing
developers with self-service access. Third, it must enable both on-premises
data centers and cloud-based services, with seamless management across both.
Last, it must securely protect the infrastructure while providing elastic
scaling or bursting of services. The VMware approach to the SDDC meets each of
these requirements, and it powers the data centers of many enterprises
worldwide. The result is an SDDC platform that enterprises can adopt to run any
application on top of any x86, storage, and IP network hardware.
[Figure: Hardware-Defined Data Center (HDDC) running a custom application,
compared with the VMware approach running any application, each on any x86,
any storage, and any IP network hardware]
Outcomes Delivered by a Software-Defined Data Center
An SDDC
delivers business outcomes across two main areas: First, it enables companies
to shift resources toward innovation and business growth by driving efficiency
and ensuring that IT no longer is a rate-limiting step in launching new business
projects. The following are among the outcomes that enable this shift for IT:
• Data Center Virtualization and
Hybrid Cloud Extensibility – Significantly reduces CapEx (Capital
expenditures) by standardizing services on logical resources and
simplifying the data center footprint
• Streamlined and Automated Data Center
Operations – Drives ongoing operational efficiency and helps administrators
spend more time on value-added projects
• Application and Infrastructure
Delivery Automation – Rapidly delivers holistic IT services on demand, from
traditional multitier applications—Exchange, for example—to in-memory
databases—HANA and GemFire, for example—to distributed high-performance
computing workloads—Hadoop, for example
Second, an SDDC helps companies deliver
secure and resilient services with two key outcomes for IT:
• Security Controls Native to Infrastructure –
Shifts security from perimeter defense to fine-grained isolation with micro-segmentation
• High Availability and Resilient
Infrastructure – Simplifies the architecture needed to support business
continuity and automation of the disaster recovery process
Each of these outcomes is
detailed in the following sections.
Data Center Virtualization and Hybrid Cloud Extensibility
Traditional enterprise data centers are often built on proprietary hardware or
application silos with high equipment costs and manual operations. Server
virtualization has improved data center economics by consolidating applications
into fewer physical server hosts, but network and storage operations can still
be complex. As data volumes continue to grow and data centers build capacity
for peak workload conditions, CapEx quickly consumes much of the IT budget.
With the SDDC, data center
virtualization and hybrid cloud extensibility enable IT organizations to
support growth and scale, even while CapEx budgets stay relatively flat. This
is delivered by two key improvements to the data center: First, abstraction and
pooling of compute, storage, and network workloads on standardized
infrastructure dramatically reduces service unit costs, enabling economics
comparable to those associated with public cloud service providers. Second, by
bursting to a public cloud based on the same SDDC platform, IT no longer must
own capacity for peak workload conditions. To fully abstract, pool, and
automate infrastructure services, four key steps regarding compute, storage,
networking, and management are required. The first step, server virtualization,
has already been completed by Fortune 500 companies, all of which use VMware
vSphere® to run business-critical applications. Today, more than 50 percent of
all workloads worldwide are virtual. VMware studies indicate that each of the
most common business-critical applications—for example, Oracle, Microsoft, and
SAP databases; Exchange Server and SharePoint Server—have been virtualized by
more than half of vSphere customers having those applications. The remaining
steps to an SDDC include storage, networking, and management. Enterprises can
adopt these in any sequence. Software-defined storage is a common next step.
Traditionally, storage administrators pre-allocate logical unit number (LUN)
addresses of storage in shared storage hardware, making idle capacity available
for virtual machine disks when virtual machines are created. Several different
LUNs can be created, based on performance and business continuity requirements.
With software-defined storage, virtual workloads are decoupled from physical
storage. Software-defined storage will pool all storage capacity into a data
plane and assign storage by using a policy-based control plane that is informed
with the performance characteristics of the underlying storage targets. The
result is application-centric or virtual machine–centric control of pooled
storage resources. The VMware architecture for the SDDC adds another tier of
distributed storage for improved flexibility. This provides better performance
in specific use cases—virtual desktop infrastructure, for example—and better
economics in others. For example, a disaster recovery site or development
testing environment might be small enough to not warrant shared storage
hardware such as a SAN. The VMware architecture for the SDDC provides a VMware
Virtual SAN™ that uses server direct-attached storage that is transparent to
the application or virtual machine. SDDC network virtualization creates a
logical network that is decoupled from physical network topology. In
traditional physical network topology, even for server virtualized
environments, network traffic between virtual machines must be converted to the
physical network and routed to core and aggregation layers. This is also known
as north–south traffic. It is necessary in many instances, even if the
communicating virtual machines—that is, east–west traffic—reside on the same
server host. Consider this analogy: driving to the next-door neighbor via the
interstate highway system. A virtual network is essentially flat and can
significantly reduce north–south traffic, making more efficient use of network
capacity. Multiple logical networks can be repurposed and managed, using the
physical network as a simple backplane. This approach enables IT to treat the
physical network as transport capacity that can be consumed and repurposed on
demand. SDDC cloud management provides an end-to-end view of SDDC
infrastructure resources. It drives additional CapEx savings via machine
learning, capacity planning, and policies defined by the SDDC administrator.
This management can control both private clouds—an on-premises data center—and
public clouds—those hosted by providers—to build a hybrid cloud. The VMware
architectural platform for the SDDC enables hybrid cloud extensibility because
services from multiple providers can be managed as parts of a single virtual
cloud, without changing the application, internal network, or any of the
standard protocols used. This enables enterprises to cloud-burst to the public
cloud during periods of peak demand. For enterprises using a VMware approach to
the SDDC, public clouds are a literal extension of their private cloud data
center.
Data center virtualization and
hybrid cloud extensibility deliver significant CapEx savings and enable IT
organizations to provide highly efficient and flexible IT services. The SDDC
empowers IT to use a hybrid cloud strategy under a unified management
framework, and it positions IT to be an enabler and strategic partner to the
business.
Streamlined and Automated Data Center Operations
Through adoption of an SDDC, IT organizations can reduce
both technical and operational inefficiencies that have traditionally increased
OpEx and CapEx. Capacity planning, monitoring, compliance, and automation in
traditional data centers require manual efforts. These efforts are often
plagued by one-off hardware, inconsistent configurations, and lack of time as
staff move reactively from one project or crisis to another. In contrast, an
SDDC offers streamlined and automated data center operations that can reduce
OpEx by as much as 56 percent.4 An SDDC provides a unified platform for
intelligent operations across physical hardware, virtualized environments, and
cloud infrastructures, giving deep insight into all aspects of the data center,
including compute, storage, and networking. With this information, IT conducts
data-driven health monitoring, performance analysis, and capacity planning. At
the core of SDDC intelligent operations are software tools that are inherently
and deeply integrated into virtualized compute, storage, and network components
of the infrastructure. By leveraging their unique position in software-defined
infrastructure and native machine learning capabilities, these tools offer
predictive analytics to IT operators, enabling proactive issue identification
and resolution. With an SDDC, all elements of the data center are persistently
analyzed for capacity constraints and health. Capacity reports are perpetually
available for all elements in the data center and are presented in an
application-centric manner. Health alerts are presented proactively and include
automated remediation for common issues. Software-based management of all
elements of the SDDC is also leveraged to provide automated detection,
enforcement, and remediation of security-hardening guidelines, configuration
standards, and regulatory compliance requirements. Analyzing infrastructure-,
operating system–, and application-level configurations against regulatory
requirements—PCI, HIPAA, SOX, and so on—provides advanced insight into the
compliance status of sensitive workloads. The SDDC extends these capabilities
beyond the private cloud based on vSphere—out to physical servers, other
hypervisors, and hybrid clouds. An SDDC enables IT to streamline and automate
complex data center operations. From day 0 activities such as installation and
configuration of infrastructure and servers, to day 1 operations such as
scaling and troubleshooting problem remediation, and even to day X operations
that involve application provisioning, monitoring, capacity planning, and
availability, an SDDC delivers OpEx savings that enable administrators to spend
more time on value-added projects. This ultimately improves the bottom line and
the ability of the business to quickly and competitively react to changing
market conditions.
Application and Infrastructure Delivery Automation
In today’s
competitive marketplace, leading businesses are discovering that they must
include IT as a core competency of the business rather than as just an internal
department that supports computing needs. Faced with increasing competitive
pressures and the accelerating pace of business in the mobile cloud era, IT
consumers expect to be able to go online, request a new application or compute
resource, and receive it in a matter of minutes—not days or weeks. So IT
organizations must deliver applications and IT services to their customers more
quickly and more efficiently so those applications and services begin
contributing to the business revenue stream as soon as possible. Not only are
speed and efficiency important in this new paradigm, but so too are predictably
high-quality results. To consistently deploy and configure infrastructure
components, applications, and middleware, IT defines blueprints of all
elements—virtual machines, virtual networks, storage infrastructure, and so
forth—and integrates those blueprints into automated workflows and provisioning
policies. Blueprints ensure that workloads are deployed in a known-good
configuration, while workflows guarantee that all deployment components are
provisioned in the correct sequence, with all dependencies and interrelated
systems accounted for. Finally, governance policies enforce performance tier
placement, regulatory compliance, availability, and cost concerns so the right
workload is deployed to the right infrastructure components or hybrid cloud
environment without the risk of human error at each step. With SDDC automation,
IT can abstract the process of requesting resources from internal silos. It can
then pool those resources—whether physical, virtual, process, or human—so a
layer of policy-driven automation can be leveraged to complete IT work streams
with much less friction. IT can, in effect, provide itself with self-service
capabilities. With initial delivery streamlined, IT now has the time and
resources to automate day 2 operations such as scaling, updating, migrating,
and business continuity/disaster recovery (BC/DR). These operations also
benefit from ordered workflows of blueprinted services guided by policies that
ensure expedient and quality operations. With policy-driven automation, IT can
confidently offer a catalog of standardized services to business units, with
costing exposed for decision makers, extending the benefits of self-service to
business consumers and freeing IT to dedicate more time and resources to
solving business problems. The results are infrastructure as a service,
automated application and middleware services, and continuous application
delivery. An SDDC brings faster delivery of infrastructure, applications, and
services—across multiple hardware platforms, hypervisors, and cloud
environments—empowering IT to deliver personalized and business-relevant
services while improving overall IT efficiency.
Security Controls Native to Infrastructure
An SDDC architecture inherently
addresses some fundamental limitations in data center design that have
constrained security professionals. Server virtualization has helped make IT
more efficient and flexible. However, the dynamic nature of workloads in virtual
environments makes traditional security approaches such as virtual route
forwarding, access control lists, and physical firewall rules prohibitively
complex to implement. Traditional virtualized data centers become difficult to
secure. Security is intrinsic to the design of an SDDC, where the network is
virtualized. First, the ability to programmatically create, snapshot, move,
delete, and restore virtual machines is now extended to virtual networks and
security services. The physical network is a pool of transport capacity that
can be consumed and repurposed on demand. Second, virtual networks are by
default isolated from one another, as well as from the
underlying physical network. An isolated virtual network can include workloads
distributed anywhere in the data center or in offsite data centers, and several
isolated virtual networks can be on the same hypervisor. This isolation
protects against attacks initiated by workloads in any virtual
network, without the use of the previously mentioned traditional approaches.
One powerful implication of this
approach is that security controls can now be applied to individual virtual
machines or small groups of virtualized resources – this approach is known as
microsegmentation. Microsegmentation has been understood to be a best-practice
approach from a security perspective but difficult to apply in traditional
virtual environments in which virtual machines move due to load balancing and
so on. Firewall rules must be modified every time a virtual machine is added,
moved, or decommissioned, which is operationally impractical. This has led to a
focus on perimeter defense, an approach that modern attacks often exploit. The
inherent security and automation capabilities of network virtualization, where
security services follow the workload, make microsegmentation operationally
feasible in the enterprise data center for the first time. By leveraging
security native to the virtual infrastructure, companies not only provision
applications faster but also improve security and compliance. The VMware
implementation of network virtualization is also extensible by using a service
composer, which third parties leverage to tie in their network and security
services. A virtualized network enables on-premises networks to extend to
external sites and facilitate connectivity with hybrid clouds. This enables
companies using SDDC and network virtualization to help safeguard critical
corporate information as they adopt the hybrid cloud.
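The contrast drawn above, between firewall rules that must be edited whenever a virtual machine moves and security policy that follows the workload, is shown in this added example; it is not from the original post or from any VMware product. The `Workload`, `IpRule` and `TagRule` types, the tags, host names and addresses are all constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Workload:
    name: str
    tags: frozenset  # security groups the VM belongs to (constructed labels)
    ip: str          # current address; changes when the VM is moved
    host: str        # current hypervisor; changes when the VM is moved


@dataclass(frozen=True)
class IpRule:        # traditional rule: bound to network addresses
    src: str
    dst: str
    port: int


@dataclass(frozen=True)
class TagRule:       # microsegmentation rule: bound to workload identity
    src_tag: str
    dst_tag: str
    port: int


def ip_allows(rules, src, dst, port):
    """Default deny; a flow passes only if an address-based rule matches."""
    s, d = ip_address(src.ip), ip_address(dst.ip)
    return any(s in ip_network(r.src) and d in ip_network(r.dst)
               and r.port == port for r in rules)


def tag_allows(rules, src, dst, port):
    """Default deny; a flow passes only if a tag-based rule matches."""
    return any(r.src_tag in src.tags and r.dst_tag in dst.tags
               and r.port == port for r in rules)


def migrate(w, new_host, new_ip):
    """Move a VM: host and address change, its tags travel with it."""
    return Workload(w.name, w.tags, new_ip, new_host)


def demo():
    web = Workload("web-01", frozenset({"tier:web"}), "10.0.1.10", "esx-a")
    app = Workload("app-01", frozenset({"tier:app"}), "10.0.1.20", "esx-a")
    db = Workload("db-01", frozenset({"tier:db"}), "10.0.1.30", "esx-b")

    # Perimeter-style rule: anything inside the subnet may reach the database.
    perimeter = [IpRule("10.0.1.0/24", "10.0.1.0/24", 5432)]
    # Per-VM address rules: fine-grained, but tied to where each VM sits now.
    per_vm_ip = [IpRule("10.0.1.10/32", "10.0.1.20/32", 8443),
                 IpRule("10.0.1.20/32", "10.0.1.30/32", 5432)]
    # Tag rules: the same intent expressed against workload identity.
    by_tag = [TagRule("tier:web", "tier:app", 8443),
              TagRule("tier:app", "tier:db", 5432)]

    # The database VM is moved to a recovery site with a new address.
    db_moved = migrate(db, "esx-dr-1", "10.8.3.30")

    return {
        # East-west exposure: web tier talking straight to the database.
        "perimeter_web_to_db": ip_allows(perimeter, web, db, 5432),
        "per_vm_ip_web_to_db": ip_allows(per_vm_ip, web, db, 5432),
        "tag_web_to_db": tag_allows(by_tag, web, db, 5432),
        # Legitimate app-to-database flow before and after the move.
        "per_vm_ip_app_to_db": ip_allows(per_vm_ip, app, db, 5432),
        "per_vm_ip_app_to_db_moved": ip_allows(per_vm_ip, app, db_moved, 5432),
        "tag_app_to_db": tag_allows(by_tag, app, db, 5432),
        "tag_app_to_db_moved": tag_allows(by_tag, app, db_moved, 5432),
        "tag_web_to_db_moved": tag_allows(by_tag, web, db_moved, 5432),
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check:28} {'ALLOW' if allowed else 'DENY'}")
```

The per-VM address rules give the same isolation as the tag rules until the database moves, at which point the legitimate flow is dropped until someone rewrites the rule; the tag rules keep both the allow and the deny decisions unchanged.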
High Availability and Resilient Infrastructure
By leveraging the capabilities of
an SDDC based on VMware technologies, IT can provide high availability and
recoverability for all workloads. An SDDC also offers flexible deployment
models for disaster recovery, helping to minimize downtime from local or site
failures. More important, this can be accomplished while both reducing CapEx on
hardware at both primary and recovery sites and lowering OpEx to manage
application availability and data protection. At the core of these capabilities
is VMware vSphere with Operations Management™, providing a platform with
intrinsic availability and recoverability features on which to deploy
mission-critical workloads. With availability features defined in software and
available to all workloads running on the infrastructure, IT can provide the
same level of protection to all applications without having to choose which
application to prioritize over another. An SDDC extends consistency between
private and hybrid clouds, thereby increasing the levels of choice and flexibility
of IT in designing availability, recovery, and failover solutions. Because an
SDDC abstracts differences in underlying hardware from the workloads running in
the data center, failover becomes simple. Complete application stacks, or even
entire sites, can be failed over with minimal effort and time, increasing
recovery point objectives (RPOs) and recovery time objectives (RTOs). In an
SDDC, everything that is needed to run an application is defined in software:
networks, storage capabilities, security policies, and compute performance
requirements necessary to ensure SLAs. The policy-based, automated actions of
an SDDC guarantee that when workloads are recovered or failed over, the
infrastructure required to support defined performance, availability, placement,
and security are instantiated as needed. By combining automation and
orchestration with software-defined infrastructure, disaster recovery scenarios
require little more than an administrator’s approval to fail over the
software-defined workload to another site or even to a hybrid cloud based on
the same SDDC platform. There is no need to reconfigure networks, storage, or
compute to support the application. Entire runbooks are automated, with full
orchestration of failover, disaster recovery, site network configuration, and
application startup, for complete SDDC BC/DR automation. An SDDC also provides
seamless extension of disaster recovery to off-premises hybrid clouds, to
simplify BC/DR without the need for additional CapEx or OpEx to support a secondary
site. As IT abstracts and automates elements of the SDDC infrastructure,
self-service availability and disaster recovery for applications become
possible. IT can expose availability options to business owners through a
self-service portal. For example, an application owner can be given options for
availability in the event of a disaster—5 minutes, 30 minutes, or 2 hours of
downtime, for example—along with the associated costs. Options are limited by
the permissions applied to the user, entitlements to resources associated with
the user’s business unit, and predefined policies for resource consumption. For
example, when the application owner changes a setting, a series of
configuration modifications can occur transparently to the user without manual
IT intervention.
The virtual machine that the
application runs on can be assigned a new storage policy that places it on
replicated storage. The virtual machine can also be added to a disaster
recovery protection group, be connected to a programmatically created virtual
network at the disaster recovery site, have its full-image backup frequency
increased, and have new and intelligent monitoring alerts configured. All
changes are logged in a configuration management database (CMDB), and all
necessary alerts, approvals, and notifications for the change are sent to the
appropriate individuals. This results in increased business satisfaction,
improved availability, and reduced IT effort. An SDDC provides a holistic
approach that ensures that data is always available and that applications and
services are not interrupted when infrastructure components fail. SDDC
automation reduces the level of effort required to extend protection to all
applications, and self-service introduces new paradigms to increase business
agility and choice.
Getting to the Software-Defined Data Center
Because the VMware implementation of the SDDC
is hardware and location agnostic, companies have a wide set of options in
leveraging products and services from VMware and its partners. Most enterprises
leverage a hybrid cloud strategy, choosing to transition existing data centers
into software-defined architectures while also leveraging public cloud
services.
Implementation Options
Overall, there are three approaches to
building an SDDC, each with its own benefits and rationale.
The first approach is “Build Your
Own”: Purchase traditional hardware and SDDC software. Integrate them in-house
via reference architectures. For example, all Fortune 500 companies today
virtualize their servers with vSphere, the first step in building an SDDC.
“Build Your Own” offers two key benefits: First, it enables enterprises to
gradually transform over time in deploying network virtualization,
software-defined storage, and a cloud management platform. Second, because an
SDDC is hardware agnostic, this approach also provides an extremely wide range
of hardware options to choose from, so enterprises can choose hardware
configurations they believe are optimized for certain workload types. The
second approach is to leverage Converged Infrastructure, a model through which
traditional data center components such as shared storage arrays, servers, and
switches are integrated and sold in a single chassis. A prescriptive software
stack frequently is preinstalled, often with server virtualization. This
approach simplifies the hardware engineering and integration process and
enables customers to adopt the remaining SDDC components—network
virtualization, for example—at their own pace.
The third and most recent
approach is to leverage Hyper-Converged Infrastructure (HCI). HCI aims to do
three things: First, it preinstalls and integrates all SDDC components—server,
storage, and network virtualization, as well as cloud management—so the
customer immediately gets the full benefits of an SDDC. Second, it essentially
implements a reference architecture developed by VMware with its hardware
partners, which reduces complexity for IT. Third, it automates the ongoing life
cycle management of the infrastructure, whether it is updating an SDDC software
component—a vSphere upgrade, for example—or updating firmware from hardware
vendors. Security patches are also automated in the same manner.
Beyond the Technology: People and Processes
CIOs know that
successful technology and operations initiatives are possible only with
effective change management of organizations and processes, beyond the
technology. SDDC technology itself does not prescribe an organizational
structure for IT. But it does have implications as to how enterprises can
architect and engineer their services and how they can engage the business. As
with the traditional data center operating model, the SDDC operating model
benefits significantly with improved coordination between IT teams. The
benefits to IT with an SDDC, however, are dramatically more powerful.
Best-practice companies implementing SDDCs have integrated IT architecture
teams that are empowered to collectively develop application blueprints and
other policies that can be automated by an SDDC. These teams often include key members
from server, network, storage, security, and disaster recovery areas. This
approach has both immediate and long-term benefits. By developing an operating
model that leverages SDDC outcomes, new request workflows and incident
management scenarios significantly improve. An SDDC provides
application-centric, end-to-end visibility over and control of the underlying
IT services. Over the longer term, the architecture team develops an
implementation plan to transition to an SDDC at the appropriate pace, as
opposed to solving for local optimums within IT technology areas. The SDDC
enables IT to transition toward a lean services operating model, using machine
learning, application-centric cloud management, and service cost transparency
to steadily help IT drive continuous operational improvements.
Software-Defined Data Center Technologies Delivered by VMware
VMware offerings for the SDDC span both software and hosted services
technologies. VMware also provides professional services and training to help
customers with their transition. Table 1 is a nonexhaustive overview of
software and hosted services based on SDDC technology. These products are
available both as standalone and as part of broader suites. For example, VMware
vCloud Suite® includes VMware vSphere, VMware vRealize™,
and other SDDC components.
Conclusion
The Software-Defined Data Center (SDDC), a proven
architectural approach based on virtualization and automation, drives many of
today’s leading data centers. The VMware approach enables companies to adopt
SDDC technologies at their own pace, without having to rip and replace the
existing infrastructure. The VMware architecture for the SDDC enables IT to
adopt a hybrid cloud strategy and empowers enterprises to achieve outcomes that
enhance efficiency and security while achieving faster time to value for new IT
projects. It gives individual technology organizations the flexibility to
reimagine their role within IT and enables the broader IT organization to
become a strategic partner to the business.
---0---
Excellent piece, Vijay. You broke SDDC down for me. I now have a good understanding of this technology and its benefits.
The era of software defined vehicles is upon us, bringing about a paradigm shift in how we perceive and interact with our cars.