
Cloud_and_Virtualization_Concepts (2)

The document provides an overview of cloud computing and virtualization, emphasizing their efficiency and benefits in modern computing. It explains key concepts such as virtual machines, hypervisors, and data center components, while also discussing the different types of cloud services and deployment models. Additionally, it highlights the environmental advantages of virtualization and cloud technologies, including reduced carbon footprints and energy consumption.

Uploaded by

yaredtadesse346
Copyright
© All Rights Reserved

Cloud and Virtualization Concepts
From NDG, in partnership with VMware IT Academy
www.vmware.com/go/academy
Why learn virtualization?
• Modern computing is more efficient due to virtualization

• Virtualization can be used for mobile, personal and cloud computing

• You can also use virtualization in your personal life


This content will help you

• Understand the benefits of virtualization

• Be able to describe virtualization, virtual machines and hypervisors

• Describe typical data center components that are virtualized

• Become familiar with VMware technology popular in industry


Virtualization Benefits
• Have you ever wished you could clone yourself?

• If you could, would you be more efficient? Would you do more?

• Virtualization enables computers to be more efficient in a similar fashion

• Computers that use virtualization optimize the available compute resources


What is virtualization?
Hardware and Software
• Do you use a smartphone, laptop or home computer?

• Smartphones, laptops or home computers are hardware

• Similar to how your brain controls your actions, software controls hardware

• There are different types of software that control computer actions


Hardware
Component | Description
Processor | Also called CPU (Central Processing Unit)
RAM | Random Access Memory
Read-Only Memory | Non-volatile memory that stores BIOS*
Motherboard | Printed Circuit Board (PCB) that holds the processor, RAM, ROM, network and Input/Output (I/O) and other components
Chipset | A collection of microchips on the motherboard that manage specific functions
Storage | A persistent (non-volatile) storage device such as a Hard Disk Drive or Solid State Drive

*BIOS is a type of software responsible for turning on (booting) the computer
Software
• System software is necessary for hardware to function

• Operating system (OS) controls the hardware

• Application software tells your system to execute a task you want done

Now that you are aware of the roles of hardware and software, the concept of
virtualization will be easier to grasp. Virtualization is the “layer” of technology
that goes between the physical hardware of a device and the operating system
to create one or more copies of the device.
What is a VM?
• VM stands for “Virtual Machine”

• Virtualization creates virtual hardware by cloning physical hardware

• The hypervisor uses virtual hardware to create a virtual machine (VM)
What is a VM?
• A VM is a set of files
• With a hypervisor running VMs, one computer can run multiple OS simultaneously
• A VM can run applications like a physical machine
Did you know?
• Using virtual machines results in more compute power from a single server.

• When fewer servers are used, it results in less energy consumption.

• The long term outcome of virtualization is less space and power used in data centers.
Did you know?
• Virtual machines lower a data center’s carbon footprint by using less server
space.

• Do you know your carbon footprint?

• Knowing your carbon footprint has environmental and cost benefits.

• The following resources let you measure your carbon footprint:
o https://www.footprintcalculator.org
o https://www3.epa.gov/carbon-footprint-calculator/
o https://coolclimate.berkeley.edu/calculator
The Hypervisor
What is a Hypervisor?

• Software installed on top of hardware (a server) that creates the virtualization layer

• Hosts VMs

• The hypervisor pulls physical resources (e.g., CPU, RAM) from the server
and turns them into virtual hardware
Types of Hypervisors
• Type 1 Hypervisor – Bare metal hypervisor (VMware ESXi)

• Type 2 Hypervisor – Hosted hypervisor (VMware Workstation)


Virtual Machine Files
• VMs can be exported and moved to other hosts
• Files are created by the hypervisor and stored in a directory
• Example VM files:

File Type | File Name | Description
Log File | <vmname>.log | Keeps a log of VM activity
Disk File | <vmname>.vmdk | Stores content of VM’s disk drive
Snapshot Files | <vmname>.vmsd and <vmname>.vmsn | Stores information about VM snapshots (saved VM state)
Configuration File | <vmname>.vmx | Stores information about VM name, BIOS, guest OS, and memory
What is a snapshot?
• Working on a VM and need to save progress or state?

• Snapshots are saved as files in the VM folder (<vmname>.vmx)

• What is saved by a snapshot?
- State of VM disks
- Contents of VM memory
- VM settings
Did you know?
• Creating virtual machines is easy... but... what happens when you create VMs and
forget about them?

• You create zombies!

• Zombies are powered on and running in the background, but they are not being
productive.
The Data Center
What is a Data Center?
• Hardware infrastructure that supports virtualization

• Focus is on processing large amounts of data

• What are the three main components?
- Compute
- Storage
- Networks
Compute Systems
• Hardware and operating system software that runs applications

• Difference between a PC and a server
- PCs have a user-friendly interface while servers focus on running programs

• Types of servers:
- Tower
- Blade server
- Rack-mounted server
Compute Systems
• What is the architecture of a server?

• Architecture means the type of processor used by the server.

• Data centers typically use servers with an x86 architecture.

• Classic architecture is 32-bit and in 2003 the 64-bit extension was released
for x86 architecture.

• Virtualization technology is compatible with 64-bit but not 32-bit.


Networks
• Transfer data across the data center so devices can communicate

• What type of hardware is used for networking?
- Switches, Network Interface Card (NIC), Router, Ethernet Cable
Storage
• A data center needs to accommodate high
levels of data
• Compute memory is not adequate
• Data centers use devices built specifically
for storing data
• Data center storage should have two
features: availability and redundancy
Storage - RAID
• Redundant Array of Independent Disks

• Hard drives linked together to create a large volume of redundant storage

• What are the three methods of writing to RAID?
- Mirroring
- Striping
- Parity

• What do the RAID numbers mean (e.g., 0, 1, 5)?

• Levels of RAID are used to identify types of RAID and what storage
availability and redundancy they offer (e.g., 1 = mirroring, 5 = parity)
Storage - Block vs. File-Level
• Block-Level Storage – Data is written to and accessed from storage volumes (blocks)

• File-Level Storage – Data is written to disks but accessed from the default file system
Storage – Types of Data Center Storage
• DAS (Direct Attached Storage) – Storage device is directly attached to a server
(block-level)

• NAS (Network Attached Storage) – Storage device is attached to a network, servers on
the network can access device (file-level)

• SAN (Storage Area Network) – Clustered storage devices on their own network that
servers can connect to (block-level)
Common Data Center Storage Protocols
Protocol | Application
SCSI (Small Computer System Interface) | Medium-sized blade servers, Enterprise servers, DAS
FC (Fiber Channel) | Enterprise servers, SAN
FCoE (Fiber Channel over Ethernet) | Enterprise servers, SAN
iSCSI (Internet Small Computer System Interface) | Enterprise servers, NAS
Storage Provisioning
• Thick provisioning: Disk space is strategically pre-allocated to a server, or a
VM.
• This means that the logical space provided by partitioning is equal to the
amount of actual physical space set aside on the physical disk.
Did you know?
• Even though data centers use virtualization, they can create IT waste
• This waste is due to stranded compute capacity
• There are four conditions that can cause stranded compute capacity:
• Zombies, Oversized VMs, Siloed Spare Capacity, Snoozing

Virtual Data Center
Benefits of a Virtual Data Center
• Data centers use a lot of hardware and virtualization makes hardware more
efficient

• Increased computing resources results in higher availability of applications

• Less labor needed to monitor data center (administrator can monitor from their
desk using a program)

• Software-defined data center (SDDC): Hypervisor pools physical data center
resources into a virtual data center
Did you know?
• Data centers have made great progress in managing energy
consumption.

• A Data Center Knowledge study reported that from 2010 to 2018 there
was a 500% increase in data center utilization, but only a 6%
increase in energy consumption.

• One reason for this is the increase in virtualization and cloud computing.
What is vSphere?
• Suite of virtualization technology designed for larger enterprise data center
management

• vSphere virtualization tools include:
- ESXi: Type 1 Hypervisor
- vCenter: Management software (installed on management server)
- vSphere Client: Program that configures the vCenter, host, and
operates its virtual machines
- vSphere Host Client: Program that only configures the host and
operates its virtual machines
What is ESXi?
• ESXi is VMware’s Type 1 hypervisor software. It is installed directly on the physical
server and creates the virtual layer

• Components of ESXi:
- Unix Microkernel
- VMware Kernel (VMkernel)
vCenter
• vCenter: Software installed on a dedicated server to manage ESXi servers and
other components of a virtualized data center.
vSphere Client
• vSphere Client: Program with a graphical user interface (GUI) that allows data center
administrators to connect to vCenter and ESXi remotely.
vSphere Host Client
• vSphere Host Client: Program with a graphical user interface (GUI) that allows data
center administrators to connect to ESXi remotely.

• Allows admins to monitor the host or VMs at the host level.
Server Virtualization
• Results in increased efficiency of data center servers because multiple VMs
can be hosted on one server

• Computing resources can be distributed to customers using less hardware


Did you know?
• Servers only using a fraction of capacity for tasks or sitting idle = inefficiency
Did you know?
• Multiple servers sitting idle results in higher energy consumption for the entire
data center
Did you know?
• VMware virtualization allows more compute on less hardware, which means more
efficiency and less carbon emissions
Storage Virtualization
• Storage capacity is pooled and distributed to the VMs
- Physical storage devices are partitioned into logical storage (LUNs)
- LUNs are used to create a datastore

• How do VMs access data center storage?
- VMs are stored as VMDK (.vmdk) files on datastore
- VM configuration files (VM settings) are stored as VMX (.vmx) files
Network Virtualization
• Physical components that make up the physical
network are virtualized to create a virtual network

• What is a vSwitch?
- Virtual switch that virtual devices can
connect to in order to communicate
with each other

• What is a vLAN?
- Virtual Local Area Network that is
segmented into groups of ports isolated
from one another, creating different
network segments
Types of Virtual Networks
• Bridged Network: The host server and the VM are
connected to the same network, and the host shares
its IP address with the VM

• NAT: VMs use an IP translated from the host’s IP (using NAT device) and communicate
on a private network set up on the host computer

• Host-only Network: VMs use a private network but do not have translated IP addresses
to connect to an external network, therefore can only communicate to other VMs on the
isolated host network
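
The configuration file and the three network types described above can be checked together. The following is an added example, not part of the original slides: it assumes the `key = "value"` layout and the `displayName`, `guestOS`, `memsize`, `ethernetN.present` and `ethernetN.connectionType` keys used by VMware Workstation .vmx files, reads a constructed sample, and reports which enabled adapters are bridged onto the host's physical network.

```python
import re

# Constructed sample of a Workstation-style .vmx file (not taken from the slides).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "lab-web01"
guestOS = "ubuntu-64"
memsize = "2048"
# adapter 0 sits on the same network as the host
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "FALSE"
ethernet2.connectionType = "nat"
'''

# One setting per line: key = "value"
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')
ADAPTER_RE = re.compile(r'^(ethernet\d+)\.present$')


def parse_vmx(text):
    """Return {key: value}; blank lines, # comments and malformed lines are skipped."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def summarize_vm(text):
    """Summarize name, guest OS, memory and the network type of each enabled adapter."""
    # Keys are compared in lower case so differently cased files still match
    # (a defensive choice made for this example).
    cfg = {key.lower(): value for key, value in parse_vmx(text).items()}
    adapters = {}
    for key, value in cfg.items():
        match = ADAPTER_RE.match(key)
        if match and value.upper() == "TRUE":
            name = match.group(1)
            adapters[name] = cfg.get(name + ".connectiontype", "unspecified").lower()
    memsize = cfg.get("memsize", "")
    return {
        "name": cfg.get("displayname"),
        "guest_os": cfg.get("guestos"),
        "memory_mb": int(memsize) if memsize.isdigit() else None,
        "adapters": dict(sorted(adapters.items())),
        # Bridged adapters are reachable from the host's physical network,
        # so they are the ones to review first.
        "bridged": sorted(n for n, kind in adapters.items() if kind == "bridged"),
    }


if __name__ == "__main__":
    for field, value in summarize_vm(SAMPLE_VMX).items():
        print(f"{field}: {value}")
```
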
Application and Desktop Virtualization
• Why use virtualized applications?
- Some applications have specific system requirements
- VMware ThinApp creates a packaged virtual app, that contains the
program and system requirements, and delivers it to the end-user

• What is desktop virtualization?
- Designed to solve computing resource issues faced by the mobile
workforce (workers that need computing without the hardware)
- VMware Horizon takes the resources needed to create a desktop
environment from data centers and delivers it to the end-user’s device
Convergence
• Convergence: Moving from a traditional hardware-based server model to a
virtual data center

• Two strategies:
- Containment: Not deploying any existing applications for customers on
virtual servers. Maintain applications running in the hardware-based data
center.

- Consolidation: Moving applications that are running in the old
hardware-based data center model using VMware P2V technology
What is the Cloud?
The Cloud

• Cloud computing is the delivery of shared computing resources
(software and/or data) on-demand through the internet
Did you know?
• Businesses that use the cloud to run systems and applications can reduce per user
carbon footprint:

• ↓ 30 percent for large businesses

• ↓ 90 percent for small businesses
Types of Cloud Computing
Cloud computing is categorized into different service models. The major types of cloud
computing are:

• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
Types of Cloud Computing
• On-premise (private cloud):
You are responsible for all of
your IT infrastructure (software
and hardware)
Types of Cloud Computing
• Infrastructure-as-a-service
(IaaS): You are responsible for
applications, data, OS, and
software. Cloud provider
manages your virtualization,
storage, servers, and
networking.
Types of Cloud Computing
• Platform-as-a-service (PaaS):
You are responsible for
applications, and data. Cloud
provider manages your OS,
software, virtualization,
storage, servers, and
networking.
Types of Cloud Computing
• Software-as-a-service (SaaS):
You are not responsible for any
infrastructure. Cloud provider
manages your OS, software,
virtualization, storage,
servers, and networking.
Cloud Deployment Models
Cloud deployment includes an emphasis on where the hardware or software
is running and who is controlling it.

• Private Cloud
• Community Cloud
• Public Cloud
• Hybrid Cloud
Cloud Deployment Models
• Private Cloud: organization has complete control over the IT infrastructure.
• Community Cloud: different organizations have control over the IT infrastructure.
Cloud Deployment Models
• Public Cloud: the cloud provider owns the IT infrastructure and organizations rent IT
resources in the cloud.
• Hybrid Cloud: organization has its own cloud but also rents IT resources on the
public cloud.
Did you know?
• Cloud providers are committing to sustainable computing goals.

• VMware will partner with major cloud providers to help customers transition to
zero-carbon public cloud resources.
Container Technology
Introduction to Containers
• A container is a package for deploying applications.

• Containers use virtualization technology like VMs but require less resources.

• The applications inside a container are software programs that execute
specific tasks (for example, a text editor or photo editing software).
Introduction to Containers
• Recall that VMs need virtual hardware and an operating system to run
applications.

• The OS has dependencies that allow the VM to run many types of applications.
Introduction to Containers
• Instead of an operating system, containers use the kernel of the guest OS.

Note

The kernel is like the brain of the guest OS that controls applications running on a VM or Container.
Recall the guest OS is installed on the host.

• Like an OS, the kernel includes dependencies and allows an application to run.

• Without the need for a complete OS, the container uses less resources.
Introduction to Containers
• Containers can be used on VMs since they are less resource intensive.
Introduction to Containers
• VMs use a hypervisor. What do Containers use for virtualization?

• Containers use a container engine which puts together all the components
needed to create a container image (code, runtime library, tools and settings).

• Docker™ is a popular container engine.

• Kubernetes is a container management system.
Introduction to Containers
• The container engine runs on the guest OS and creates container images.
Introduction to Containers
Virtual Machine:
● Uses multiple hardware components of server
● Single server can support multiple VMs
● Applications on VMs are isolated from each other
● Sandbox environment that isolates VMs from system issues
● Boot time is faster than a physical machine

Container:
● Lightweight / uses fewer resources than VM
● Single server can support more containers than VM
● Containers share OS resources, so applications are not isolated
● Container images can be more efficiently deployed than VM
● Boot time is faster than physical machine and VM
Kubernetes
• Containers have file systems and need to be networked, scheduled, load-balanced,
and distributed – all of which needs to be managed.

• Kubernetes is a container management platform.

• VMware has made contributions to the Kubernetes software and has
integrated it into its cloud solutions.
Kubernetes
• Kubernetes places a containerized app inside of a pod.

• A pod has at least one container and has its own IP address.

• Kubernetes then groups pods together in a node, which can be either a VM or a
physical machine.
Kubernetes
• The nodes are then grouped in a cluster.
• Each cluster contains a master node, which monitors
and manages the other nodes (worker nodes).
• The master node has several components:
- etcd: stores cluster data
- kube-scheduler: selects the best node to place a pod on
- controller manager: includes a node controller (which deploys nodes) and a
replication controller (which provides pod templates)
- cloud controller manager: embeds cloud-specific operation controls
- kube-apiserver: manages communication between all the components
Containers in the Cloud
• Containers enable DevOps (Development and IT Operations).

• DevOps is the process of simplifying the development process for an application.

• Developers can use microservices to speed up the development process.

• Microservices are applications that are tailored to specific business needs
and deployed using container technology.
Containers in the Cloud
• Containers enable app modernization, the process of updating application technology
to be compatible in cloud environments.

• DevOps uses containers to quickly develop and update applications.

• App modernization also includes transforming traditional apps into cloud native
applications.

• Cloud native apps are built and deployed using cloud technologies from beginning to
end of the process (cloud native development).
Container Security
• Containers can deliver workloads and
microservices quickly across
networks and in the cloud.

• It is important to prevent bad actors from using a container as an entry point to a
larger environment.

• How do you secure resources running in a container in the cloud?
Container Security
• One way is through endpoint security:

• Endpoints are devices that are connected to a network, such as a laptop or mobile
phone.

• Endpoint security is the practice of using security systems to secure endpoints.

• Endpoint protection provides tools to block malware and attacks, apply security
policies to containers, and report security weak points.
Container Security
• Another way to provide security for containers is workload security.

• Workload security involves tracking and monitoring the workloads on the containers.

• Workloads can exist on servers (on-premise), virtual servers (software-defined
data center), public cloud, and even the native cloud.

• Managing workload security weak points requires administrators to work closely
with developers, security teams, and IT operations.

• The collaboration between cybersecurity and DevOps has enabled DevSecOps.


Container Security
• Security strategy in the cloud is divided in two ways: Built-in vs.
Bolted-on security.
• Bolted-on security is a traditional security method where security is added
to the operating system and hardware (i.e., installing malware protection).

• Built-in security protocols are built into the system from the start by using
DevSecOps methods.

• Built-in security includes intrinsic security where the security is woven into
the cloud infrastructure.
Container Security
• Providing intrinsic security to the cloud has two main approaches:
Zero-Trust and Micro-Segmentation.
• Micro-segmentation uses individual networking protocols for VMs and
containers on a network.
Container Security
• Zero-trust is a security architecture that implements multiple levels
of security.
• Multiple levels of security must be met before access to
infrastructure is granted.
• Zero-trust has five pillars (levels) of trust:
• Device
• User
• Transport/Session
• Application
• Data
Container Security
• The following describes how each pillar of zero-trust is achieved:
Pillar | Method
Device | Methods to secure devices, like endpoint security can be used to achieve device trust.
User | User authentication methods like passwords, tokens, multi-factor authentication and risk analysis of users are utilized for user trust.
Transport/Session | Uses micro-segmentation to protect virtual sessions and encryption of data transmitted at TCP level for transport trust.
Application | Workload security, single sign-on (SSO), and application isolation are used for application trust.
Data | For data trust, data protection is used to prevent data from being compromised, lost or corrupted.
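
The rule that every level must be met before access is granted can be written as a deny-by-default check over the five pillars. This is an added example, not part of the original slides: the evidence field names, the risk threshold and the sample request are all hypothetical, chosen to mirror the methods listed in the table above.

```python
# Deny-by-default access check over the five zero-trust pillars.
# Every field name below is hypothetical; a real deployment would take this
# evidence from its endpoint, identity, network and data-protection tooling.

PILLARS = ("device", "user", "transport_session", "application", "data")
MAX_USER_RISK = 0.5  # assumed threshold for the user risk analysis


def _device(ev):
    return ev.get("endpoint_protection_healthy") is True


def _user(ev):
    risk = ev.get("risk_score")
    return (ev.get("password_ok") is True
            and ev.get("mfa_ok") is True
            and isinstance(risk, (int, float))
            and risk <= MAX_USER_RISK)


def _transport(ev):
    # Session must be encrypted and come from a permitted micro-segment.
    return (ev.get("encrypted") is True
            and ev.get("segment") in ev.get("allowed_segments", ()))


def _application(ev):
    return ev.get("sso_session") is True and ev.get("isolated") is True


def _data(ev):
    return ev.get("protected") is True


CHECKS = {
    "device": _device,
    "user": _user,
    "transport_session": _transport,
    "application": _application,
    "data": _data,
}


def evaluate(request):
    """Allow only if every pillar supplies evidence and passes its check.

    A pillar with no evidence at all counts as failed, so an incomplete
    request is denied rather than waved through.
    """
    failed = [p for p in PILLARS
              if not isinstance(request.get(p), dict) or not CHECKS[p](request[p])]
    return {"allow": not failed, "failed": failed}


# Constructed sample request in which all five pillars pass.
GOOD_REQUEST = {
    "device": {"endpoint_protection_healthy": True},
    "user": {"password_ok": True, "mfa_ok": True, "risk_score": 0.1},
    "transport_session": {"encrypted": True, "segment": "web",
                          "allowed_segments": ["web", "api"]},
    "application": {"sso_session": True, "isolated": True},
    "data": {"protected": True},
}


def with_change(pillar, **fields):
    """Copy GOOD_REQUEST and override some evidence fields for one pillar."""
    request = {name: dict(ev) for name, ev in GOOD_REQUEST.items()}
    request[pillar].update(fields)
    return request


if __name__ == "__main__":
    print(evaluate(GOOD_REQUEST))
    print(evaluate(with_change("user", mfa_ok=False)))
    print(evaluate(with_change("transport_session", segment="db")))
```
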
Container Security
• The following is an overview of zero-trust security: [figure not included]
VMware Solutions
vMotion
• Moves running virtual machines from one ESXi host to another ESXi host
without service interruption (live migration)

• Increases availability of data and computing resources


Storage vMotion
• Moves the disks and configuration files of a running virtual machine from one
datastore to another datastore without service interruption

• Increases availability of storage


High Availability (HA)
• Pools servers (hosts) and the VMs that reside on them in a cluster so that in the
event of a failure, the virtual machines on a failed host are restarted on alternate
hosts
Distributed Resource Scheduler (DRS)
• What problem does DRS solve?

• HA clusters need to be monitored and managed. DRS implements a shared management
interface so that the cluster’s resources can be monitored and managed

• vSphere Storage Distributed Resource Scheduler provides the same solution for storage
clusters
Fault Tolerance (FT)
• A secondary copy of that virtual machine and its files is created on another ESXi
host and datastore

• Using FT, the transfer to a different server is seamless and will not be noticeable
to the end-user
Replication
• vSphere Replication makes copies of VMs in a different physical location,
useful for data protection and disaster recovery

• Works with vSphere Client to allow admins to monitor
VSAN
• VMware VSAN (Virtual Storage Area Network) virtualizes existing storage in data
center servers

• Creates a hyper-converged infrastructure; integrated virtualized data center
components from one vendor (i.e., VMware) (Do you recall what a converged
infrastructure is?)

• Interacts with vSphere to create one layer of virtualization software, which is
managed by the vCenter management layer
Hyper Converged Infrastructure
• A Hyper Converged Infrastructure (HCI) is a software-defined data center
infrastructure

• It is a converged infrastructure that has been virtualized

• Converged: physical data center components from a single vendor

• Hyper-converged: virtual data center components from a single vendor
NSX
• Suite of virtualization solutions for data center networking

• VMware NSX creates a ‘software network’ on top of the physical network
that can be divided up into many virtual networks

• Virtual networking components included


NSX-T
• NSX-T does not require vCenter and enables virtual networking in cloud architectures

• NSX Manager manages NSX-T

• NSX Manager can be installed on any host in vSphere and provides a GUI for central
control

• NSX-T is equivalent to NSX being integrated into the private cloud, public cloud, and
containers
VMware Cloud Foundation
• Suite of virtualization solutions for data center migration

• VMware Cloud Foundation makes it easy to transition from an existing system to a
virtual data center

• Can be used to virtualize on-premises or to migrate off-premises to cloud
environments such as Amazon Web Services (AWS)
vCloud Automation Center
• Cloud management product to quickly deliver and easily manage personalized
infrastructure, applications, and services for business needs

• Individuals can have access to a user-friendly self-service portal to create their
own machines

• Ability to deliver services on different platforms such as AWS and Azure
VMware Cloud
• VMware cloud can be used to manage applications (including containerized
apps) across any cloud

• It integrates cloud and virtualization tools into a simple architecture

• Enables DevOps and organizations to modernize their apps to be compatible
with various cloud platforms and merge the apps to the cloud
Tanzu
• Tanzu can be used to manage Kubernetes (K8s) across any cloud

• Running cloud native apps in multi-cloud environments requires organization

• Tanzu simplifies the process of delivering apps in a cloud environment to the clients

• Tanzu is an application program interface (API) that acts as intermediary
between the cloud and Kubernetes

• It can be integrated and managed in vSphere and the cloud with one interface
Tanzu
• Tanzu runs on a Kubernetes grid and manages clusters

• This creates a Tanzu Kubernetes Grid (TKG)

• The Tanzu Mission Control is a management interface for the clusters, and
operates and secures K8s in the cloud
CloudHealth
• Analyze and report your cloud costs,
usage, performance, and security

• Monitor groups of resources or specific resources such as CPU, memory, and disk
usage
Carbon Black
• Carbon Black secures the resources running in a container, by
protecting the endpoint

• Carbon Black is an intrinsic approach to security because it can be
integrated in the private or public cloud

• It uses telemetry (analytics and data) to analyze security scenarios to
predict threats
Did you know?
• VMware is committed to ensuring a safer cyber world with intrinsic security

• You can watch this VMware video about security strategy to learn more!
Who is VMware?
• VMware provides virtualization
solutions for individuals and
organizations

• You can learn more about the VMware story in this VMware video

• Check out the VMware timeline for a glimpse into the history of VMware
VMware 2030 Agenda
• VMware is planning for the future by committing to the VMware 2030 Agenda

• The 2030 Agenda is a commitment to measure VMware’s Environmental Social Governance
(ESG) impact

• If you want to learn more about the 2030 Agenda and how what you learned in Cloud
and Virtualization Concepts applies to a mission of global environmental impact, click
here!

There are five elements of the agenda that are relevant to what you’ve learned about
virtualization in this course:
1. Workload carbon-efficient
2. Zero carbon (public clouds)
3. Carbon transparency
4. Technology accessibility
5. Intrinsic security
