Secure your VMware Cloud on AWS Deployment (Auto-scaler & Stretched Cluster)
VMware Cloud on AWS is maturing very fast: new features keep appearing on the roadmap and existing features are getting more robust. When we design a data center, the rule of thumb for a good design is that every component (physical or virtual) should be well protected. To protect our vSphere-based data centers (physical or SDDC) we have been using vSphere HA for years, and it has proven itself in case of a host failure in a cluster. HA works really well in a VMware Cloud on AWS SDDC, and to double the protection there is also an auto-scaler mechanism in place. If a host fails, HA restarts all the VMs from the failed host on another host, and the auto-scaler tries to restart the failed host. If the host still does not come up after the restart, the auto-scaler automatically adds a new host to the cluster to replace the failed one. This automation is awesome and gives the fastest recovery of failed infrastructure deployed in the same AWS Availability Zone.
Now what about protection at the Availability Zone level? VMware Cloud on AWS now has an answer for this as well: a stretched cluster. An AZ failure is likely to happen maybe once in years, but as we discussed earlier, a single point of failure is not acceptable at any level.
What is a Stretched Cluster in VMware Cloud on AWS:
The stretched cluster (aka Multi-AZ deployment) deploys a single SDDC across two Availability Zones. For example, if you have deployed 6 servers in an SDDC (6 is the minimum requirement for a stretched cluster), 3 of them will be deployed in one Availability Zone and the other 3 in the second Availability Zone. It therefore uses 2 subnets (one per Availability Zone), so the ESXi hosts can be identified by their subnet. The stretched cluster uses the vSAN stretched cluster feature to spin up vSAN across the 2 AZs.
So how are failures communicated? You are right, there is a witness node that takes care of the failure scenarios. This witness node resides outside of the cluster, in a third Availability Zone.
Not only vSAN: this deployment also extends the network between the 2 Availability Zones using NSX. This allows seamless migration and communication for the workload VMs distributed across the 2 AZs.
Here is the list of what a stretched cluster offers as of today:
- Zero RPO high availability for enterprise applications virtualized on vSphere across AWS Availability Zones (AZ), leveraging multi-AZ stretched clustering. Stretched clusters enable developers to focus on core application requirements and capabilities, instead of infrastructure availability.
- Significantly improve your application's availability without needing to architect it into your application - the VMware Cloud on AWS infrastructure delivers protection against failures of AWS AZs at an infrastructure level.
- Stretching an SDDC cluster across two AWS AZs within a region means if an AZ goes down, it is simply treated as a vSphere HA event and the virtual machine is restarted in the other AZ.
The Deployment:
The key point to remember is that the stretched cluster option is only available when deploying the SDDC for the first time. We cannot enable it after the deployment is completed, or on an existing SDDC.
The deployment process is the same as a normal SDDC deployment, except that you need to select Multi Host as the deployment type and tick the Stretched cluster checkbox. The moment we select the Stretched cluster checkbox, the number of hosts changes to a minimum of 6.

After the SDDC properties, you select the rest of the options as usual. The only other change you will notice is in the VPC and Subnet section, where you select the VPC and 2 subnets from the subnet drop-down (the two subnets must be from different AZs).

Once the deployment is complete, you will see 2 AZs listed on the summary page of the SDDC. Also, if you log in to vCenter, you will find a separate ESXi-host-like entry in the inventory, outside of the cluster: that is the witness node (towards the bottom of the following picture).
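
A pre-flight check for the choices above, as an added example that is not part of the original post or of VMware's tooling: because the stretched cluster option cannot be changed after deployment, it validates the host count and confirms that the two chosen subnets belong to the selected VPC and sit in different AZs. The subnet listing is a constructed sample in the shape of `aws ec2 describe-subnets` output; the function name and the even-split check are assumptions.

```python
import json

MIN_STRETCHED_HOSTS = 6  # minimum stated in the article

# Constructed sample in the shape of `aws ec2 describe-subnets` output.
SAMPLE_SUBNETS = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-aaaa1111", "VpcId": "vpc-0001", "AvailabilityZone": "us-west-2a"},
  {"SubnetId": "subnet-bbbb2222", "VpcId": "vpc-0001", "AvailabilityZone": "us-west-2b"},
  {"SubnetId": "subnet-cccc3333", "VpcId": "vpc-0001", "AvailabilityZone": "us-west-2a"},
  {"SubnetId": "subnet-dddd4444", "VpcId": "vpc-0002", "AvailabilityZone": "us-west-2c"}
]}
""")


def check_stretched_plan(subnets_doc, vpc_id, subnet_ids, host_count):
    """Return a list of problems; an empty list means the plan passes."""
    problems = []
    if host_count < MIN_STRETCHED_HOSTS:
        problems.append(f"host count {host_count} is below the minimum of {MIN_STRETCHED_HOSTS}")
    elif host_count % 2:
        # Assumption: hosts are split evenly across the two AZs (3 + 3 in the article).
        problems.append(f"host count {host_count} cannot be split evenly across two AZs")

    if len(set(subnet_ids)) != 2:
        problems.append("exactly two distinct subnets are required")
        return problems

    by_id = {s["SubnetId"]: s for s in subnets_doc.get("Subnets", [])}
    chosen = []
    for sid in subnet_ids:
        if sid not in by_id:
            problems.append(f"{sid} not found in subnet listing")
        else:
            chosen.append(by_id[sid])
    if len(chosen) < 2:
        return problems

    for s in chosen:
        if s["VpcId"] != vpc_id:
            problems.append(f"{s['SubnetId']} is in {s['VpcId']}, not {vpc_id}")
    zones = {s["AvailabilityZone"] for s in chosen}
    if len(zones) != 2:
        problems.append(f"both subnets are in {zones.pop()}; pick different AZs")
    return problems


if __name__ == "__main__":
    print(check_stretched_plan(SAMPLE_SUBNETS, "vpc-0001",
                               ["subnet-aaaa1111", "subnet-bbbb2222"], 6))
```
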

And that is all about the protection of the SDDC. For a live demo and better understanding, use this YouTube link :)