Tag Archive: vApp


It looks like the last post generated some interest around the networking side of things – particularly the use of vShield firewalls (or my complete lack of them). I’ve done a little more digging and while it wasn’t immediately obvious to a newcomer to Cloud Director, there is a way of using the vShield firewalls within a deployment – that’ll serve me right for not fully RTFM 🙂

By deploying an additional network for a given vApp, I am able to connect that to the internet connection and specify some NAT & firewall rules to publish services from that application to the network. It also makes the vApp diagram look pretty.

Note that the Management network (as I’ve called it) is a vApp-specific network rather than an organisation-wide one, hence why I still have an internal network connection to the VM so that it can talk to other VMs within the VDC. The firewall VM I configured earlier is organisation-wide, so any machine in the VDC could be published via it. For larger deployments I wonder if it would make sense (although it’s not really within the spirit of “the cloud”) to use hardware devices for edge networking – for example an F5 load balancer. While they do have a VM available which would offer a per-vApp LTM instance, some shops may want the functionality of the physical hardware (for example SSL offload). There may also be licence considerations when it comes to deploying the edge layer as multiple virtual instances.

Still to come in subsequent posts – deploying a “real” application to a public vCloud Director instance.


I was recently selected to take part in a public beta for the London-based hosting provider Stratogen. The beta is based on their vCloud Director offering and it has been great to take a look at the “cloud” from a consumer’s point of view.

As far as the trial has been put together, I’ve been set up as an Organisation with a single VDC, allocated a fixed resource pool of some compute, memory and storage. Networking-wise, I’ve been set up with an internal and external network, with a pool of IPs on each.

My aim for the beta was to see from a virtual machine administrator’s perspective how easy it was to set up an application in the cloud from scratch. What I would really have liked to have done was build an application in my home lab and then federate that up to the cloud, but sadly that was beyond scope for the moment. Perhaps in the future I’ll be able to give that a go.

Stratogen haven’t currently put their own UI on top of Cloud Director, so it currently looks like the usual Cloud Director interface – it’s important that I stress the beta is still at a pretty early stage, so anything can (and possibly will) change.

[Image: Cloud Director screen after login]

So, after login, I was presented with the pretty default-looking screen above. In my usual style, when I get my hands on a product I tend to have a little click around to see what I can see without having to delve into any setup guides.

It all looks pretty locked down at the Organisation / Resources side of things. I can only see my own VCD, and aside from changing machine leases & the comments about my Organisation, there is not a whole lot to be able to change.

With nothing deployed, I had no vApps to manage, so it would seem sensible to try and deploy a machine. Thankfully Stratogen had put a few sample vApps in a public catalog – mostly apps containing a single VM of varying operating systems: Windows 2008 R2, CentOS Linux & RHEL.

Having spent many of my formative years as a Windows admin, it makes a good common denominator, so I chose to deploy a Windows VM to see what would happen. After a short wizard allowing me to name the VM and set its lease, I had to select the network to put the VM on. I wasn’t keen on putting this VM directly into the public network – as an admin, I wasn’t too sure of what patching level it was, nor did I know how open the public network was either, so erred on the side of caution and selected the private network to home the VM.

While I wouldn’t have said the VM provision was instant, it was pretty fast, along with a host customisation that set a random admin password for me. Because I’d put the VM on the private network, I wasn’t able to RDP directly into it from my workstation, so initially was restricted to the embedded VM console application – which in Server 2008 R2 can be a little bit painful to use. I suspect the WDDM drivers weren’t in use – however this is an easy fix that I’d have probably had to do anyway. Improved though the connection now was, on my home DSL line, which isn’t all that fast to begin with, performance was a little lacklustre. I needed RDP.

I dropped the Stratogen chaps a mail about what my options were from a security point of view in the beta – it seems that in a fully managed service there would be a lot more control over the hardware firewalls available, but as a beta customer and in the interests of keeping it virtual, I would probably be better off deploying my own firewall.

Had this been a “real” deployment, I would have looked at something like vShield App (http://www.vmware.com/products/vshield-app/) or Checkpoint VE edition (http://www.checkpoint.com/products/security-gateway-virtual-edition/index.html); however, given that my beta test is on a zero budget, I’m going to have a look at something a little cheaper. I would have loved to have deployed a m0n0wall appliance (http://www.vmware.com/appliances/directory/628223); however, because the appliance is delivered as a VMDK, I’d have had to somehow convert it to an OVF file with a way to import the VMDKs from a public web server, which at this point wouldn’t be practical. What I was able to locate was a firewall deployed from an ISO image of the Endian Community Edition (http://www.endian.com/en/community/overview/). This is a turnkey Linux install that will allow me some basic firewall functionality. I am able to use this to open up pinholes to my private network and publish any services from within.

Coming up in Part 2 – Deployment of a load balanced multi tier application in a public cloud.