For Day 1, I had the following sessions scheduled.
MGT5913 — How VMware Improved Developer Productivity with vRealize Automation to Deploy the vRealize Automation Application Stack NET5529 — The Practical Path to NSX MGT5360 — Introducing Application Self-Service with Networking and Security Using vRealize Automation and NSX
I’d like to touch on my thoughts on each of these sessions and they translate to a business, and my lab where applicable…
MGT5913 — How VMware Improved Developer Productivity with vRealize Automation to Deploy the vRealize Automation Application Stack
This session was actually a really cool «make you think» session. The presenters were excellent, and talked about real experiences inside the development teams at VMWare. You really could tell these were the guys who DO or LEAD development teams.
So why was this a «make you think» session? Because they are using vRealize Automation (vRA moving forward) to DEPLOY vRA! Mind = blown. It reminds me a lot of something that Skynet in Terminator would do. Take a moment to think of what this means technically. In a distributed vRA deployment you could 10+ systems being deployed between your Automation Appliances, Orchestrator Appliances, DEMs, IAAS servers, etc…
What I really liked about this session is that they showed actual system screenshots. It wasn’t all poewrpoint fodder. There was legitimate workflows being shown, legitimate configurations. It really got me starting to think about our own environment.
At a high level the team touched on how they leverage vRA Blueprints, tying into vRO workflows, tying into Application Services (App D, because i’m gangsta like that), which calls deployment scrips. They indicated that they turn raound in the neighborhood of 500+ builds every couple of weeks in this environment. Their workflow pulls in the OVF’s, deploys, configures, and runs. This is pretty amazing from a consistency standpoint - deploying replicated environments CONSISTENTLY.
The speakers showed a video accelerated significantly, showing the deployment of the stack manually. Even spend up several hundred times - It still was a 2-3 minute video! This works out to an hour and a half or more of ACTIVE work to complete these deployments. Converting this into a vRA deployment means you click the buttons - fire off the build - and walk away for 45 minutes to watch a couple episode of Big Bang Theory. Done and done!
It was a great session. Very impressed.
NET5529 — The Practical Path to NSX
This would’ve been a great session for a company that hadn’t bought NSX, and hadn’t already deployed it. It was a fairly high level overviews of NSX and mostly felt like a sales pitch. The session discussed at length the benefits of moving away from physical networking infrastructure your VI environment.
One positive of the session was, like most NSX sessions, it ultimately made me start thinking about ways to achieve micro segmentation. Every time I talk with sales, other customers, VARs, consultants - they sing the praises of the micro segmentation concept. They sing those praises until we talk about the 1400+ applications we manage early - and then they move on to attempting to sell us a consulting engagement to design a solution for us!
I think after VMWorld i’ll model out some micro segmentation solutions which aren’t «app» based and instead are platform based. 1433 and 445 inbound for SQL databases, 80 and 443 inbound for Web, etc… We’ll need to create some variables to support custom port web requests - but we have some scratch workflows doing this already. I smell a future blog post around automating security group and port security in NSX :)
MGT5360 — Introducing Application Self-Service with Networking and Security Using vRealize Automation and NSX
This session, like the session before, would have been a great session for someone who hadn’t purchased or deployed NSX yet. With that said, there was some additional value because it showed the tie in’s to vRA as a whole and the impacts of including the vRA configurations within your blueprints.
This session touched a bit better on the realistic approach to micro segmentation in NSX (outlined in my previous paragraph). The speakers demonstrated utilizing a platform based approach to segmenting. I liked the examples they gave - because they actually showed 2 potential paths. The first path was leveraging dedicated subnets for each platform. You’d have a production web subnet, production app subnet, production database subnet, etc…Wheres the fun in that?! Its inefficient. I don’t like it.
The second and «more better» solution in my opinion, is to Micro segment your environment subnets. Production subnet with all classes of server on it, with dynamic NSX rules to control who’s in what. We can also do this with custom properties on a VM deploying through Advanced Service Designer and vCO which is what we do today. You create your segmentation boundaries, and then build the plumbing in NSX to allow communication between the environments. Boom. Value achieved.
In this session, they attempted to demonstrated deploying it all in one shot. Unfortunately it broke. With that said - I don’t mind when things like this happen in demonstrations. In a way - it makes me feel like the session as REAL, instead of being «pre-recorded».
Great session, just a little redundant knowledge wise. Practical examples though!
MGT5952 — What’s New and What’s Next in VMware vCloud Suite
Oh yeah. I see you girl. Over there, with your new vRA feature set. You look like a classy lady, someone that I could sit down an automate my environment with.
Big fan of this session. This session touched on the upcoming features coming to vCloud (vRA) as a whole. This session touched on SRM 6.1, touched on the impacts with vSphere 6.0, and most importantly showed a glimpse at some of the new vRealize Automation features in a future build. That’s right - BLUEPRINT UNIFICATION BETWEEN APPLICATION SERVICES, NSX, and VRA/ASD.
The coolest feature of the SRM update in my opinion was the ability to enable SRM via a policy to virtual machines. Once you enable this policy - the system will be automatically moved to your SRM protected storage, and enabled. No more tweaking your workflows to reference the specific storage array for storage based SRM. The automation stages the machine where it needs to be for you. Awesome. Love it. Do more!
The blueprint unification looks amazing, but scary if you leverage Application Services (App D) heavily today. How well is that stuff going to port in? We’ll see…
NSX integration baked in - no more messing with custom properties to add security groups dynamically to advanced application requests. I think in 2 years we’re goin to look back at «this» version, and consider it the first real production release. Calling it now!
I popped into a number of other random sessions along the way. I’m still digesting those, but don’t really have anything major to note at the moment.
Stay tuned for more!
Keep on Labbing, Keep on Automating!