Getting started with RPC-VMware
RPC-VMware architecture
The following diagram shows the architecture of RPC-VMware as configured with optional add-on components.
RPC-VMware features
The core features of RPC-VMware are based on the underlying VMware vCenter Server and VMware vSphere products. These features include the following capabilities:
- Deploying virtual machines (VMs) on-demand into clusters that are preconfigured for high availability and load balancing.
- Running your VMs on dedicated hypervisors with preconfigured datastores and networks.
- Migrating VMs on-demand between hypervisors and datastores.
- Resizing VMs on-demand.
The following table provides details about the Managed Backup (MBU) for Management Services feature. If any component of your RPC-VMware cloud encounters a failure, Rackspace might determine that a restore of the component is required. If you want to request a restore of any component, contact your account team.
Feature | Description |
---|---|
File-level backup and restore | Some of the management services allow file-level backups and, where necessary, Rackspace uses file-level backups. |
Image-level backup and restore | All VMs and appliances in the management resource pool are backed up at an image level for a complete system backup. |
You can choose to use additional features in your RPC-VMware. These features include the following capabilities:
- Deploying and managing a virtual network built on software-defined networking, where you configure switching, routing, and security on-demand.
- Deploying VMs onto software-defined storage, where you can control the performance and availability policies with VM granularity.
- Providing Quality of Service (QoS) and operational efficiency in your private cloud with minimum manual effort by leveraging software-based cloud operations and analysis services.
- Using cloud management services to provide your applications, VMs, and SDDC as on-demand services.
- Relying on image-level backups of all VMs in your private cloud without the need to install a backup agent within the VM.
- Requesting on-demand database administration support by Rackspace database administrators (DBAs).
- Running SQL AlwaysOn Availability Groups (AAG), which are natively supported on vSAN, the main storage platform for RPC-VMware. Customers interested in Failover Cluster Instances (FCI) can use additional Dedicated or Shared SAN Rackspace solutions; contact our support team for assistance.
For details about the currently available optional add-on features, contact your account team.
RPC-VMware roles and permissions
To implement the separation of customer and Rackspace duties in RPC-VMware, Rackspace uses built-in and custom roles in the vCenter Server. Rackspace assigns you a maximum permission role (customer role) and any lesser privileged roles that you request for specific users or groups.
Customers have permissions to create, delete, and manage VMs within their private cloud. Rackspace manages and maintains the ESXi hosts, the vCenter Server, Platform Services Controller, and additional management VMs as required by the RPC-V solution. Customers therefore have limited permissions on hosts and management servers.
Specific resource pools and folders are created to house customer-created VMs and ensure separation from management VMs. In support of this separation, customers are granted permissions to create, delete, and manage VMs in the `Compute-ResourcePool` and `Network-ResourcePool` resource pools and in the `Workloads`, `Templates`, and `Networking VMs` virtual machine folders.
If required for organisational or resource management purposes, customers can create new resource pools below the `Compute-ResourcePool` and `Network-ResourcePool` resource pools, and new folders below the `Workloads`, `Templates`, and `Networking VMs` folders.
The following permission sets are predefined in the vCenter Server:
- Customer Access
- VM Power User
- VM User
- Read Only
The Customer Access permission set is a product of permissions applied to two sets of roles. A lower permission set is enforced at the root of the inventory tree, and a higher permission set is applied at the resource pool level of the inventory tree.
The following table shows which vCenter Server permissions are available to each role.
vCenter permissions and roles
Permission | Customer Access | VM Power User | VM User | Read Only |
---|---|---|---|---|
Alarms | Full access | No access | No access | No access |
Datastore | Limited access | Limited access | No access | No access |
Folder | Full access | No access | No access | No access |
Network | Limited access | No access | No access | No access |
Performance | Full access | No access | No access | No access |
Profile-driven storage | Full access | No access | No access | No access |
Resource | Full access | No access | No access | No access |
Scheduled task | Full access | Full access | Full access | No access |
Tasks | Full access | Full access | Full access | No access |
vApp | Full access | No access | No access | No access |
Virtual machine | Full access | Full access | Limited access | No access |
Datacenter | Limited access | No access | No access | No access |
Global | Limited access | Limited access | Limited access | No access |
Host | Limited access | No access | No access | No access |
Sessions | Limited access | No access | No access | No access |
Storage views | Limited access | No access | No access | No access |
Datastore cluster | Full access | No access | No access | No access |
Distributed virtual switch | No access | No access | No access | No access |
Distributed virtual port group | No access | No access | No access | No access |
ESX agent manager | No access | No access | No access | No access |
Extension | No access | No access | No access | No access |
vCenter inventory service | No access | No access | No access | No access |
vSphere update manager | No access | No access | No access | No access |
VRM policy | No access | No access | No access | No access |
vService | No access | No access | No access | No access |
vSphere tagging | Full access | No access | No access | No access |
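
One way to apply the table above when choosing a role for a service account or third-party tool, as an added example that is not Rackspace code: the matrix is transcribed from the table, while the function name, the `L`/`F` need levels, and the sample tools are assumptions. It returns the least-privileged predefined role that covers the stated needs, the needs that no predefined role covers (a case to raise with the account team), and the needs met only at "Limited access", which must be confirmed privilege by privilege.

```python
# Added example. Role columns are transcribed from the handbook table;
# everything else (names, need levels, sample tools) is illustrative.
ROLES = ["Read Only", "VM User", "VM Power User", "Customer Access"]  # least -> most
LEVEL = {"N": 0, "L": 1, "F": 2}  # No access < Limited access < Full access

# One letter per role, in ROLES order.
MATRIX = {
    "Alarms": "NNNF", "Datastore": "NNLL", "Folder": "NNNF",
    "Network": "NNNL", "Performance": "NNNF",
    "Profile-driven storage": "NNNF", "Resource": "NNNF",
    "Scheduled task": "NFFF", "Tasks": "NFFF", "vApp": "NNNF",
    "Virtual machine": "NLFF", "Datacenter": "NNNL", "Global": "NLLL",
    "Host": "NNNL", "Sessions": "NNNL", "Storage views": "NNNL",
    "Datastore cluster": "NNNF", "vSphere tagging": "NNNF",
}
# Rows the table lists as "No access" for every role.
for _name in ("Distributed virtual switch", "Distributed virtual port group",
              "ESX agent manager", "Extension", "vCenter inventory service",
              "vSphere update manager", "VRM policy", "vService"):
    MATRIX[_name] = "NNNN"


def least_privileged_role(needs):
    """needs maps a table row to 'L' (limited) or 'F' (full).

    Returns (role, gaps, verify):
      role   - lowest predefined role covering every need, or None
      gaps   - needs that even Customer Access does not cover
      verify - needs the chosen role covers only at "Limited access"
    """
    unknown = sorted(p for p in needs if p not in MATRIX)
    if unknown:
        raise KeyError(f"not a row in the handbook table: {unknown}")

    top = len(ROLES) - 1  # Customer Access is the maximum customer role
    gaps = sorted(p for p, lvl in needs.items()
                  if LEVEL[MATRIX[p][top]] < LEVEL[lvl])
    if gaps:
        return None, gaps, []

    # Walk from least to most privileged and stop at the first fit.
    for i, role in enumerate(ROLES):
        if all(LEVEL[MATRIX[p][i]] >= LEVEL[lvl] for p, lvl in needs.items()):
            verify = sorted(p for p in needs if MATRIX[p][i] == "L")
            return role, [], verify


if __name__ == "__main__":
    # Constructed requirement sets for three hypothetical tools.
    samples = {
        "backup agent": {"Virtual machine": "F", "Datastore": "L", "Tasks": "F"},
        "monitoring": {"Performance": "F", "Alarms": "F"},
        "network automation": {"Distributed virtual switch": "L",
                               "Virtual machine": "F"},
    }
    for tool, needs in samples.items():
        role, gaps, verify = least_privileged_role(needs)
        print(f"{tool}: role={role} gaps={gaps} verify={verify}")
```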
Managed services for RPC-VMware
The following table describes the features that Rackspace provides as a managed service to you in RPC-VMware.
Features provided as managed services
Feature | Description |
---|---|
High Availability (HA) | HA clustering is set up by Rackspace. |
Dynamic Resource Scheduler (DRS) | DRS clustering is set up by Rackspace. |
vStorage API for Array Integration (VAAI) | VAAI is available if it is supported on the storage array. |
Distributed Switch™ | Rackspace configures the distributed virtual switch and distributed port groups to which customers can connect VMs. |
RPC-VMware compatibility
RPC-VMware might not be compatible with all Rackspace products and services. Contact your Rackspace support specialist for detailed information about whether any specific Rackspace product is compatible with your RPC-VMware.
RPC-VMware compatibility with third-party products
You can access RPC-VMware by using various VMware services APIs. You can use any third-party management, orchestration, or other type of tool that is compatible with these APIs. In this case, the functionality of any such tool is limited by the RPC-VMware features and capabilities as described in this handbook, and by the permissions applied to your RPC-VMware environment. Ensure that the VMware services API versions of your environment are compatible with the third-party tools that you want to use.
RPC-VMware compatibility when elevated permissions are needed
In some cases, existing role permissions provided by Rackspace do not allow a custom or third-party tool to function. Contact the Rackspace account team to determine if role permission adjustments are possible.
RPC-VMware authentication methods
RPC-VMware customers have two choices for vCenter authentication:
- Rackspace-provided Active Directory service
- Customer-provided Active Directory service
Rackspace support authenticates to your RPC-VMware cloud with the Rackspace hosted directory service. Your directory service is added as an additional authentication source.
You must also indicate the groups and roles to be assigned in vCenter from the vCenter roles available in RPC-VMware roles and permissions.
External data centers
In addition to being available in Rackspace data centers, the RPC-VMware product is also available in a customer's own or third-party data centers.
External instances of RPC-VMware provide the same functionality as instances in a Rackspace data center. Rackspace provides and supports the networking, including redundant connections back to Rackspace to enable a seamless support experience for the customer.
Pay-Per-Use Infrastructure
RPC-VMware with Pay-Per-Use Infrastructure, delivered by Rackspace and Hewlett Packard Enterprise® (HPE), offers a pay-per-use billing model for customers. This differs from traditional fixed-cost private infrastructure environments, where customers pay for everything up front, pay by the month for an underutilized environment, or do both. A minimum commitment is required for this solution.
Customers are billed on a per-unit basis for compute and storage resources consumed (assuming that usage exceeds the minimum commit level). The per-unit prices are “all-in”: they cover the hardware and hardware management in addition to the cost of private cloud operations, support, and licensing. Pricing is determined per customer deployment and is dependent on installed capacity and expected growth. This per-unit pricing will also reduce as the customer’s environment grows and consumption increases over the duration of the contract. This allows the customer to predict their growth costs with no hidden fees.
How It Works
A monitoring agent is installed on each VMware Private Cloud to meter usage. This agent monitors hourly consumed resources on your private cloud (for example, the hourly RAM consumed on a daily basis across all the compute hosts). The usage is averaged for the day, and at the end of each month Rackspace aggregates the daily usage to determine the monthly usage. Then the appropriate per-unit price is applied from the pricing table. Rackspace monitors the customer’s usage constantly and recommends adding new resources or hosts into the private cloud environment as the customer’s usage exceeds the thresholds of installed capacity. New resources are seamlessly integrated into the existing private cloud, allowing customers to grow their environment without any downtime.
For more information about Pay-Per-Use with RPC-V, contact your Rackspace sales representative.
Note: Pay-Per-Use is available for RPC-VM deployments at customer or colocation data centers.
Using RPC-VMware
This section describes the following Rackspace Private Cloud powered by VMware (RPC-VMware) tasks:
- Accessing the RPC-VMware environment
- Obtaining guest VM templates
- Assigning public IP addresses
- Activating Rackspace-provided OS image licenses
- Patching the OS
- Managing capacity
- Using the API
- Managing permissions
- Migrating workloads
- Guest OS Clustering
- Using plug-ins and third-party software
Accessing the RPC-VMware environment
For security reasons, you must establish a VPN connection to the Rackspace firewall to access your RPC-VMware environment. You can establish either a site-to-site or client-to-site VPN to satisfy this requirement.
Your RPC-VMware environment includes DNS servers, which provide local DNS resolution. Therefore, you must configure conditional forwarding in your DNS infrastructure to correctly resolve DNS records for RPC-VMware management services. Contact your support team for more details.
Rackspace creates a ticket with the details of how to establish a VPN connection and how to access the various services in your RPC-VMware environment. If you have purchased several environments in different data centers, you will receive individual tickets specific to each environment.
VM templates
Rackspace provides complimentary OS templates for deploying VMs. These OS templates use the vCenter Content Library system and are configured as a subscribed third-party library. If you request the subscription during or after your RPC-V deployment, the OS templates consume a small amount of disk space on one of the available datastores in your RPC-V environment.
Rackspace will only provide complimentary OS templates for operating systems listed on the EOL Terms page that have not yet reached the End for Sale date. The Rackspace template catalog is periodically updated to add or remove OS templates based on their status on this page.
Assigning public IP addresses
Rackspace can provide public Internet Protocol (IP) addresses to assign to VMs and other virtual systems that you deploy within your RPC-VMware environment. Rackspace provides these public IP addresses by assigning small blocks of IP addresses to the external interface of the physical firewall in your environment and establishing NAT assignments to private IP addresses behind the firewall. Rackspace works with you to determine how many public IP addresses you require and which internal networks the NATs should be assigned to. Rackspace provides you with a table listing this public IP NAT assignment.
It is your responsibility to manage the assignment of private IP addresses that correspond to a public IP address. This ensures you are able to externally access any systems provisioned by you in your environment.
Rackspace can assist you in managing access rules on the physical firewall to restrict unwanted access to a system with a public IP address enabled. You can manage these access rules by using the My Rackspace portal. It is your responsibility to remove or adjust these rules if a private IP address is no longer used or transferred to a different virtual system. If you need Rackspace assistance with the access rules on the physical firewall, create a support ticket or call your dedicated account team.
If any additional IP addresses are required, contact your Rackspace Support team.
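
The rule clean-up described above (removing or adjusting access rules when a private IP address is no longer used or has moved to a different virtual system) can be run as a periodic reconciliation; the following is an added example, not Rackspace tooling. The input shapes, field names such as `opened_for`, and all addresses and VM names are constructed assumptions standing in for the NAT assignment table, an export of your firewall access rules, and your VM inventory.

```python
import ipaddress

# Constructed sample data (documentation and private address ranges).
NAT_TABLE = [  # (public IP, private IP), as in the NAT assignment table
    ("203.0.113.10", "10.20.0.10"),
    ("203.0.113.11", "10.20.0.11"),
    ("203.0.113.12", "10.20.0.12"),
]
RULES = [  # hypothetical export of access rules on the physical firewall
    {"id": "fw-1", "public_ip": "203.0.113.10", "port": 443, "opened_for": "web01"},
    {"id": "fw-2", "public_ip": "203.0.113.11", "port": 22, "opened_for": "jump01"},
    {"id": "fw-3", "public_ip": "203.0.113.12", "port": 3389, "opened_for": "rdp01"},
    {"id": "fw-4", "public_ip": "203.0.113.99", "port": 80, "opened_for": "old-web"},
]
INVENTORY = {  # VM name -> private IPs currently assigned to it
    "web01": ["10.20.0.10"],
    "build07": ["10.20.0.11"],  # address previously used by jump01
    "db01": ["10.20.0.50"],
}


def audit_access_rules(nat_table, rules, inventory):
    """Return (rule_id, status, detail) for every rule that needs attention.

    status is one of:
      no-nat-entry - the rule's public IP is not in the NAT table
      unused       - no VM holds the private IP behind the NAT
      transferred  - the private IP now belongs to a different system
    """
    ip = ipaddress.ip_address  # validates and normalises address strings
    nat = {ip(pub): ip(priv) for pub, priv in nat_table}

    holders = {}  # private IP -> set of VM names that claim it
    for vm, addresses in inventory.items():
        for addr in addresses:
            holders.setdefault(ip(addr), set()).add(vm)

    findings = []
    for rule in rules:
        private = nat.get(ip(rule["public_ip"]))
        if private is None:
            findings.append((rule["id"], "no-nat-entry", rule["public_ip"]))
            continue
        vms = holders.get(private, set())
        if not vms:
            findings.append((rule["id"], "unused", str(private)))
        elif vms != {rule["opened_for"]}:
            findings.append((rule["id"], "transferred", ",".join(sorted(vms))))
    return findings


if __name__ == "__main__":
    for rule_id, status, detail in audit_access_rules(NAT_TABLE, RULES, INVENTORY):
        print(f"{rule_id}: {status} ({detail})")
```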
Activating Rackspace-provided OS image licenses
If you purchase host-based OS licensing for Windows or Red Hat from Rackspace, instructions on how to activate the licenses are provided by your account team. Failure to follow these instructions might impact the function of the OS.
OS patching
You can manage your OS patches by using any external OS patching source provided by the OS manufacturer. If you have purchased a host-based license for Red Hat Enterprise Linux, you will receive instructions on how to use the Rackspace OS patching sources for that OS, if you choose to use them. If you encounter configuration issues or patching is not working, enter a support ticket or call your dedicated account team.
Capacity management
You are responsible for capacity management and must inform Rackspace when additional resources are required. You can use vCenter Server alarms and performance graphs to monitor cluster, host, VM, and datastore resources.
To aid in capacity planning, we recommend using VMware vRealize Operations. vRealize Operations has advanced forecasting, monitoring, and rightsizing capabilities, including email alerts and Simple Network Management Protocol (SNMP). The vRealize Operations dashboard enables you to best manage your resources and optimize performance.
For capacity management, you can choose to use third-party software that is compatible with RPC-VMware services. However, Rackspace does not guarantee compatibility with third-party products, and functionality is limited within the Customer Access role permissions.
Using the API
You can use the VMware APIs within the boundaries of the permission set of each component that you purchase for RPC-VMware. For the most up-to-date API information, see the VMware site.
Managing permissions
Rackspace retains administrative access to the RPC-VMware environment. However, over 300 permissions are enabled so that you can manage the hosted VMs.
If you have a specific use case or third-party system that you want to integrate with your RPC-VMware environment but can’t because of the level of access provided to you, discuss your requirements with your account team to determine whether adjustments can be made. Requests for additional permissions are reviewed on a case-by-case basis. Create a ticket or call your dedicated account team to discuss your requirements.
If you have selected to use the Rackspace-provided directory service to host user accounts for your staff, create a ticket to request additional user accounts or changes to existing accounts.
It is your responsibility to request user account deletion for staff no longer authorized to access your RPC-VMware environment.
If you have selected to use your internal Active Directory (AD) to host user accounts for your staff, it is your responsibility to manage user accounts that need to be added to or removed from groups that have been enabled for various access roles in your RPC-VMware environment.
Migrating workloads
Rackspace has two primary methods for migrating workloads:
- Network migration: Use for small data sets
- Physical migration: Use for large data sets
When choosing a method, assess the time, cost, difficulty, and amount of data to be migrated, and take into account any discussions with Rackspace, before you select the method to use.
VMs can be migrated in either a powered on or powered off state; however, powered on migrations have specific requirements that must be met for continuous operation. Powered off migrations have the most flexibility in transfer options but require downtime for the services running on the VMs.
When selecting a migration method, note the following considerations:
- Bandwidth and latency: Transfers over the network between sites can be affected by low bandwidth or latency, increasing the transfer time or preventing live VM migrations.
- Timescale for the migration: The size of the VMs might not allow timely transfer over a network. A physical transfer using a USB drive (or similar method) might result in faster transfer times even with the added time of shipping the drive.
- Downtime for the VMs: A physical transfer requires downtime. Some network methods allow continuous operation or minimal downtime.
- Dataset size: Smaller VMs are more easily transferred over a network, while large amounts of data take time to transfer and might be better suited for physical transfer.
- Longevity of the solution: Is the migration temporary or permanent? You need to note which devices will need to be decommissioned, repurposed, or rebuilt.
- Cost for the solution: The cost can range from free, with the customer performing all the work, to customer assistance, to Professional Services engagements, and depends on the complexity of the migration. Additional equipment, infrastructure, and licensing can also affect the cost.
- Skill set of the customer: The self-service option might be sufficient for some customers, while others might need assistance from Professional Services.
- Versions of the VMware products: Certain migration methods require specific versions of the VMware products to properly facilitate the migration.
- Complexity of customer environment: More complex customer environments or business requirements might dictate a specific migration process.
- Snapshots: We recommend removing any VM snapshots before migration to ensure disk file integrity.
Rackspace provides assistance in selecting, enabling, and even performing the migration of your existing workload to your RPC-VMware environment.
Contact your dedicated account team to discuss the services and pricing.
Guest OS Clustering
You can run clustered instances of guest VMs in your RPC-VMware environment, subject to the following configuration restrictions.
- Virtual machines participating in clustering must remain compatible with vMotion. This might require OS level configuration steps. Contact your support team for further details.
- Virtual machines participating in clustering with a shared disk configuration must reside on external SAN storage. Rackspace can provide fully managed Dedicated or Shared SAN for this purpose.
- Windows VMs participating in clustering must run Windows 2008 SP2 or later.
- Rackspace Managed Backup for RPC-VMware is not currently available for clustered guest VMs.
If you are interested in running clustered guest OS services, contact your support team for further details.
Rackspace must be able to place ESXi hosts into maintenance mode in order to patch your RPC-VMware environment. Any configuration that you create that prevents this may be removed. Speak to your support team for more details.
Using plug-ins and third-party software
You can use plug-ins and third-party software that operates with the Customer Access permissions provided to you.
Rackspace does not guarantee compatibility with anything that you may install or configure with your RPC-VMware environment.
If Rackspace determines that a plug-in or third-party software tool is causing reliability or stability issues with your RPC-VMware environment that affect Rackspace’s ability to support and maintain it, we notify you and work with you to resolve the issue.
Patching and upgrading
Rackspace periodically patches or upgrades the various Rackspace-provided services in your RPC-VMware environment. These services are patched or upgraded to the most recent Rackspace-supported version as needed and to address critical vulnerabilities.
Rackspace aims to obtain consent before patching or upgrading the environment to ensure that actions are performed at a convenient time for you. This process does not require any scheduled downtime for virtual systems deployed by you in your environment, but it might temporarily impact the availability of the various user interfaces and APIs of the RPC-VMware services. The patching or upgrade of hosts might affect the performance of virtual systems deployed by you in your environment if the patch or upgrade requires a host to be restarted. Performance should return to normal when host patching or upgrading is complete.
Rackspace must be able to place ESXi hosts into maintenance mode in order to patch your RPC-V environment. Any configuration that you create that prevents this may be removed. Speak to your support team for more details.