Figure 3‑1. Virtual Machine Isolation
[Figure: a virtual machine containing applications and an operating system, running on its virtual machine resources: CPU, memory, disk, network and video cards, SCSI controller, mouse, CD/DVD, and keyboard.]
Because the VMkernel mediates the physical resources and all physical hardware access takes place through
the VMkernel, virtual machines cannot circumvent this level of isolation.
Just as a physical machine communicates with other machines in a network through a network card, a
virtual machine communicates with other virtual machines running in the same host through a virtual
switch. Further, a virtual machine communicates with the physical network, including virtual machines on
other ESXi hosts, through a physical network adapter.
Figure 3‑2. Virtual Networking Through Virtual Switches
[Figure: on an ESXi host, the virtual network adapter of each virtual machine connects to a virtual switch in the VMkernel virtual networking layer. The virtual switch links virtual machines together, and a hardware network adapter links virtual machines to the physical network.]
These characteristics apply to virtual machine isolation in a network context:
- If a virtual machine does not share a virtual switch with any other virtual machine, it is completely
isolated from virtual networks within the host.
- If no physical network adapter is configured for a virtual machine, the virtual machine is completely
isolated from any physical networks.
- If the same safeguards are used (firewalls, antivirus software, and so forth) to protect a virtual machine
from the network as if it were a physical machine, the virtual machine is as secure as the physical
machine.
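The first two characteristics can be checked mechanically against a host's virtual switch layout. The following Python audit is an added example, not part of the VMware documentation; the inventory, switch names, adapter names, and virtual machine names are constructed, and in practice they would be exported from the host configuration.

```python
"""Audit a constructed ESXi host inventory against the isolation rules above."""

# Constructed sample inventory (hypothetical names): each virtual switch lists
# its physical uplink adapters and the virtual machines attached to it.
HOST_VSWITCHES = {
    "vSwitch0": {"uplinks": ["vmnic0"], "vms": ["web01", "web02"]},
    "vSwitch1": {"uplinks": [], "vms": ["web02", "db01"]},
    "vSwitch2": {"uplinks": [], "vms": ["vault01"]},
    "vSwitch3": {"uplinks": ["vmnic1"], "vms": ["mgmt01"]},
}


def audit_isolation(vswitches):
    """Return {vm: {"virtual_peers": [...], "physical_uplinks": [...]}}.

    virtual_peers: other VMs sharing at least one virtual switch with the VM.
    physical_uplinks: physical adapters on any switch the VM is attached to.
    Only direct attachment is evaluated, as in the rules above; a guest
    attached to several switches appears in the peer list of each neighbour.
    """
    report = {}
    for switch in vswitches.values():
        for vm in switch["vms"]:
            entry = report.setdefault(
                vm, {"virtual_peers": set(), "physical_uplinks": set()})
            entry["virtual_peers"].update(p for p in switch["vms"] if p != vm)
            entry["physical_uplinks"].update(switch["uplinks"])
    return {vm: {k: sorted(v) for k, v in e.items()} for vm, e in report.items()}


def classify(entry):
    """Map one audit entry to the isolation state described in the text."""
    if not entry["virtual_peers"] and not entry["physical_uplinks"]:
        return "fully isolated"
    if not entry["physical_uplinks"]:
        return "isolated from physical networks"
    if not entry["virtual_peers"]:
        return "isolated from virtual networks on this host"
    return "connected to virtual and physical networks"


if __name__ == "__main__":
    for vm, entry in sorted(audit_isolation(HOST_VSWITCHES).items()):
        print(f"{vm}: {classify(entry)} {entry}")
```

A virtual machine reported as isolated from physical networks but with a peer that has a physical uplink (db01 and web02 in the sample) depends on that peer's guest configuration, which is where the third characteristic applies.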
Virtual machines can be further protected by setting up resource reservations and limits on the host. For
example, through the detailed resource controls available in ESXi, a virtual machine can be configured so
that it always receives at least 10 percent of the host's CPU resources, but never more than 20 percent.
Chapter 3 Deploying vCloud Suite
VMware, Inc. 33