vCloud Director Enterprise Cloud 5.5部署（一）

vCloud逻辑架构概述

vCloud管理架构

设计和架构vCloud管理基础设施是非常重要的，对于支持vCloud解决方案的可用性和可拓展性。

Management Cluster  (管理集群)

管理集群主机是必要的vCloud基础架构组件。从最终用户工作负载资源分离基础架构组件可以提高vCloud基础架构的可管理性。

管理集群核心组件包括以下：

vCenter Server or VMware vCenter ServerAppliance

vCenter Server database

vCloud Director cells

vCloud Director database

vCloud Networking and Security Manager (每个vCenterServer资源组一个)

vCenter Chargeback Manager

vCenter Chargeback database

vCenter Update Manager

vCenter Orchestrator

根据需求通过vCloud Networking and Security Manager部署VMware vCloudNetworking and Security Edge gateway appliances到vCloud Director中，驻留在资源组，而不是在管理集群。

下列管理集群组件是可选的：

vCenter Server Heartbeat

vCloud Automation Center

vCloud Connector

VMware vFabric RabbitMQ

vFabric Application Director

VMware vFabric Hyperic

vSphere Management Assistant

vCenter Operations Manager

vCenter Configuration Manager

vCenter Infrastructure Navigator

vCenter Site Recovery Manager

Databases for optional components

 

管理集群规划：

虚拟机/物理机	用途	域名	IP地址	备注
DC		DC.vsphere.com	192.168.10.21	同一个DC
vCenter		vcenter.vsphere.com	192.168.10.22
ESXi01		esxi01.vsphere.com	192.168.10.1
ESXi02		esxi02.vsphere.com	192.168.10.2
vCloud-1	HTTP	vcloud-1.vsphere.com	10.0.1.24	http
	VMRC	vcloud-1-con.vsphere.com	10.0.1.25	vmrc
	MGT		192.168.10.24	mgt
vCloud-2	HTTP	vcloud-2.vsphere.com	10.0.1.26	http
	VMRC	vcloud-2-con.vsphere.com	10.0.1.27	vmrc
	MGT		192.168.10.26	mgt
MgtDB	Database	MgtDB.vsphere.com	192.168.10.28	vCD, Chargeback
vShield Manage			192.168.10.29
Load Balancer	HTTP	vcloud.vsphere.com	10.0.2.251	vCD LB http
	VMRC	consoleproxy.vsphere.com	10.0.2.250	vCD LB vmrc
	MGT		10.0.1.251	DMZ
NFS	NFS		192.168.10.22
CA	CA	ca.vsphere.com	192.168.10.30

 

网络与VLAN规划

网段	VLAN ID	用途	备注
192.168.10.0/24	10	管理 management
192.168.20.0/24	20	存储 Storage
192.168.30.0/24	30	迁移 vMotion
192.168.40.0/24	40	容错 FT
192.168.50.0	50	互联	网络设备互联使用
10.0.1.0/24	60	DMZ
10.0.2.0/24	70	外部网络 External
192.168.100.0/24	100	虚拟机 VM

 

CloudResource Groups (云资源组)

资源组是一套专门作为最终用户工作负载并被一个单独的vCenter server所管理的资源。vCloud Director管理vCenter Server实例连接的所有资源组的资源。所有的配置任务是通过vCloud Director启动的，并且传递给相应的vCenter Server实例。

在标准化的分组调配资源为扩展的vCloud环境提供了一致的做法。强烈建议一个单独的vCenter Server实例来管理云资源组。如果你使用的是一个单独的vCenter Server来同时管理Management Cluster(管理集群)和Cloud Resource Groups(云资源组)，那么至少将全部的vCloud资源的工作负载放在一个单独的集群中。

Management Cluster(管理集群)中的vCenterServer管理的是Management Cluster中的ESXi主机，vCloud Director等相关的组件运行在这些ESXi主机中，vCloud Director关联的vCenter是Cloud Resource Groups(云资源组)中的单独的vCenter Server,这样做的好处就是vCloud Director创建的各种工作负载不会争抢Management Cluster(管理集群)中的资源，vCloud Director的可用性依赖于Management Cluster(管理集群)中的资源，这样做可以达到逻辑隔离的效果，保证了云门户的高可用性。

云资源组规划

物理界/虚拟机	IP地址	备注
DC	192.168.10.21	同一个DC
vCenter(vcenter-cloud)	192.168.10.23
ESXi03	192.168.10.3
ESXi04	192.168.10.4
vShield Manage	192.168.10.31

VLAN规划

VLAN ID	用途	备注
10	管理 management
20	存储 Storage
30	迁移 vMotion
40	容错 FT
50	互联	网络设备互联使用
60	DMZ
70	外部网络 External
80	VXLAN
90	vCD云隔离网络
100	虚拟机 VM

 

ManagementCluster(管理集群)vSphere DistributedSwitch (VDS)规划

CloudResource Groups(云资源组)中vCenter的vSphereDistributed Switch (VDS)规划

ManagementCluster(管理集群)中ESXi主机网卡用途规划：

ESXi主机	物理网卡	用途	备注
ESXi01 & ESXi02	vmnic0 & vmnic1	Management&vMotion
	vmnic2 & vmnic3	Storage
	vmnic4 & vmnic5	VM
	vmnic6 & vmnic7	FT

CloudResource Groups(云资源组)中ESXi主机网卡用途规划：

ESXi主机	物理网卡	用途	备注
ESXi03 & ESXi04	vmnic0 & vmnic1	FT& External&DMZ&VXLAN&vCD云隔离网络
	vmnic2 & vmnic3	Management&vMotion
	vmnic4 & vmnic5	Storage
	vmnic6 & vmnic7	VM

PS: Management Cluster(管理集群)和CloudResource Groups(云资源组)所使用的ESXI主机为不同型号的机架服务器，所以vmnic物理网卡规划功能和物理网卡号码的顺序略有不同。

物理交换机端口连接规划：

Management Cluster(管理集群)ESXi主机
ESXi主机物理网卡	物理交换机端口	ESXi主机物理网卡		物理交换机端口
ESXi01   vmnic0	S5700-1   5口	ESXi02   vmnic0		S5700-1   6口
ESXi01   vmnic1	S5700-2  5口	ESXi02   vmnic1		S5700-2  6口
ESXi01   vmnic2	S5700-1   13口	ESXi02   vmnic2		S5700-1   14口
ESXi01   vmnic3	S5700-2   13口	ESXi02   vmnic3		S5700-2   14口
ESXi01   vmnic4	S5700-1   37口	ESXi02   vmnic4		S5700-1   38口
ESXi01   vmnic5	S5700-2   37口	ESXi02  vmnic5		S5700-2   38口
ESXi01   vmnic6	S5700-1   25口	ESXi02   vmnic6		S5700-1   26口
ESXi01   vmnic7	S5700-2   25口	ESXi02   vmnic7		S5700-2   26口
Cloud Resource Groups(云资源组)ESXi主机
ESXi主机物理网卡	物理交换机端口	ESXi主机物理网卡	物理交换机端口
ESXi03   vmnic0	S5700-1   27口	ESXi04   vmnic0	S5700-1   28口
ESXi03   vmnic1	S5700-2  27口	ESXi04   vmnic1	S5700-2  28口
ESXi03   vmnic2	S5700-1   7口	ESXi04   vmnic2	S5700-1   8口
ESXi03   vmnic3	S5700-2   7口	ESXi04   vmnic3	S5700-2   8口
ESXi03   vmnic4	S5700-1   15口	ESXi04   vmnic4	S5700-1   16口
ESXi03   vmnic5	S5700-2   15口	ESXi04   vmnic5	S5700-2   16口
ESXi03   vmnic6	S5700-1   39口	ESXi04   vmnic6	S5700-1   40口
ESXi03   vmnic7	S5700-2   39口	ESXi04   vmnic7	S5700-2   40口
ESXi05   vmnic0	S5700-1   29口	ESXi06   vmnic0	S5700-1   30口
ESXi05   vmnic1	S5700-2   29口	ESXi06   vmnic1	S5700-2   30口
ESXi05   vmnic2	S5700-1   9口	ESXi06   vmnic2	S5700-1   10口
ESXi05   vmnic3	S5700-2   9口	ESXi06   vmnic3	S5700-2   10口
ESXi05   vmnic4	S5700-1   17口	ESXi06   vmnic4	S5700-1   18口
ESXi05   vmnic5	S5700-2   17口	ESXi06   vmnic5	S5700-2   18口
ESXi05   vmnic6	S5700-1   41口	ESXi06   vmnic6	S5700-1   42口
ESXi05   vmnic7	S5700-2   41口	ESXi06   vmnic7	S5700-2   42口

Management Cluster(管理集群)和CloudResource Groups(云资源组)中ESXi主机连接物理交换机的相关信息和配置：

S5700-1配置：

以下配置为部分有关配置

sysname S5700_1

 

#

 vlanbatch 10 20 30 40 50 60 70 80 90 100

#

 undohttp server enable

#

 dropillegal-mac alarm

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password simple admin

 local-user admin service-type http

 local-user ###### password simple ######

 local-user ###### privilege level 3

 local-user ###### service-type telnet

#

interface Vlanif10

 ipaddress 192.168.10.254 255.255.255.0 

#

interface Vlanif20

 ipaddress 192.168.20.253 255.255.255.0

#

interface Vlanif30

 ipaddress 192.168.30.253 255.255.255.0

#

interface Vlanif40

 ipaddress 192.168.40.253 255.255.255.0

#

interface Vlanif50

 ipaddress 192.168.50.2 255.255.255.252

#

interface Vlanif60

 ipaddress 10.0.1.253 255.255.255.0

#

interface Vlanif70

 ipaddress 10.0.2.253 255.255.255.0

#

interface Vlanif100

 ipaddress 192.168.100.254 255.255.255.0

#

interface MEth0/0/1                      

#

interface Eth-Trunk0

 portlink-type trunk

 porttrunk allow-pass vlan 2 to 4094

#

interface Eth-Trunk1

 description SW1_TO_Openfiler

 portlink-type access

 portdefault vlan 20

#

interface Eth-Trunk2

 description SW1_TO_WSS

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/1

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/2

 portlink-type access

 portdefault vlan 100

#                                        

interface GigabitEthernet0/0/3

 portlink-type access

 portdefault vlan 10

#

interface GigabitEthernet0/0/4

 portlink-type access

 portdefault vlan 10

#

interface GigabitEthernet0/0/5

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/6

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/7

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/8

 portlink-type trunk

 porttrunk allow-pass vlan 10 30        

#

interface GigabitEthernet0/0/9

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/10

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/11

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/12

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/13

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/14

 portlink-type access                   

 portdefault vlan 20

#

interface GigabitEthernet0/0/15

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/16

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/17

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/18

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/19

 eth-trunk 1

#

interface GigabitEthernet0/0/20

 eth-trunk 1                             

#

interface GigabitEthernet0/0/21

 eth-trunk 2

#

interface GigabitEthernet0/0/22

 eth-trunk 2

#

interface GigabitEthernet0/0/23

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/24

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/25

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/26

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#                                        

interface GigabitEthernet0/0/27

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70 80 90

#

interface GigabitEthernet0/0/28

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70 80 90

#

interface GigabitEthernet0/0/29

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70 80 90

#

interface GigabitEthernet0/0/30

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70 80 90

#

interface GigabitEthernet0/0/31

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/32

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70     

#

interface GigabitEthernet0/0/33

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/34

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/35

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/36

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/37

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/38

 portlink-type access                   

 portdefault vlan 100

#

interface GigabitEthernet0/0/39

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/40

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/41

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/42

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/43

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/44          

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/45

 description TO_D-Link

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/46

 eth-trunk 0

#

interface GigabitEthernet0/0/47

 eth-trunk 0

#

interface GigabitEthernet0/0/48

 portlink-type access

 portdefault vlan 50

#

interface NULL0

#

 iproute-static 0.0.0.0 0.0.0.0 192.168.50.1

 iproute-static 192.168.10.0 255.255.255.0 NULL0

 iproute-static 192.168.100.0 255.255.255.0 NULL0

#

 snmp-agent

 snmp-agent local-engineid000007DB7F0000010000033B

 snmp-agent community read  public

 snmp-agent community write  private

 snmp-agent sys-info version v2c v3

#

user-interface con 0

 idle-timeout 0 0

user-interface vty 0 4

 authentication-mode aaa

 userprivilege level 3

 setauthentication password simple ######

#

return

S5700-2配置：

以下配置为部分有关配置

sysname S5700_2

#

vlan batch 10 20 30 40 50 60 70 80 90 100

#

undo http server enable

#

undo nap slave enable

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password cipher%$%$O9hP7mbf4Q#E\vU4j#wX3ypg%$%$

 local-user admin service-type http

 local-user ###### password cipher%$%$Js~g2x\psC6{lg<%&>wXy+"v%$%$

 local-user ###### privilege level 3

 local-user ###### service-type telnet

#

interface Vlanif10

 ipaddress 192.168.10.252 255.255.255.0

#                                        

interface Vlanif20

 ipaddress 192.168.20.252 255.255.255.0

#

interface Vlanif30

 ipaddress 192.168.30.252 255.255.255.0

#

interface Vlanif40

 ipaddress 192.168.40.252 255.255.255.0

#

interface Vlanif50

 ipaddress 192.168.50.6 255.255.255.252

#

interface Vlanif60

 ipaddress 10.0.1.252 255.255.255.0

#

interface Vlanif70

 ipaddress 10.0.2.252 255.255.255.0

#

interface Vlanif100

 ipaddress 192.168.100.252 255.255.255.0

#

interface MEth0/0/1

#

interface Eth-Trunk0                     

 portlink-type trunk

 porttrunk allow-pass vlan 2 to 4094

#

interface Eth-Trunk1

 description SW2_TO_Openfiler

 portlink-type access

 portdefault vlan 20

#

interface Eth-Trunk2

 description SW2_TO_WSS

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/1

 portlink-type access

 portdefault vlan 10

#

interface GigabitEthernet0/0/2

 portlink-type access

 portdefault vlan 10

#

interface GigabitEthernet0/0/3

 portlink-type access

 portdefault vlan 10                    

#

interface GigabitEthernet0/0/4

 portlink-type access

 portdefault vlan 10

#

interface GigabitEthernet0/0/5

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/6

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/7

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/8

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/9

 portlink-type trunk

 porttrunk allow-pass vlan 10 30        

#

interface GigabitEthernet0/0/10

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/11

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/12

 portlink-type trunk

 porttrunk allow-pass vlan 10 30

#

interface GigabitEthernet0/0/13

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/14

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/15

 portlink-type access

 portdefault vlan 20                    

#

interface GigabitEthernet0/0/16

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/17

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/18

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/19

 eth-trunk 1

#

interface GigabitEthernet0/0/20

 eth-trunk 1

#

interface GigabitEthernet0/0/21

 eth-trunk 2

#

interface GigabitEthernet0/0/22

 eth-trunk 2                             

#

interface GigabitEthernet0/0/23

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/24

 portlink-type access

 portdefault vlan 20

#

interface GigabitEthernet0/0/25

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/26

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/27

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70 80 90

#

interface GigabitEthernet0/0/28

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70 80 90

#

interface GigabitEthernet0/0/29

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70 80 90

#

interface GigabitEthernet0/0/30

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70 80 90

#

interface GigabitEthernet0/0/31

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/32

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/33

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/34

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70     

#

interface GigabitEthernet0/0/35

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/36

 portlink-type trunk

 porttrunk allow-pass vlan 40 60 70

#

interface GigabitEthernet0/0/37

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/38

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/39

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/40

 portlink-type access

 portdefault vlan 100                   

#

interface GigabitEthernet0/0/41

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/42

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/43

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/44

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/45

 description TO_D-Link

 portlink-type access

 portdefault vlan 100

#

interface GigabitEthernet0/0/46

 eth-trunk 0                             

#

interface GigabitEthernet0/0/47

 eth-trunk 0

#

interface GigabitEthernet0/0/48

 portlink-type access

 portdefault vlan 50

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0192.168.50.5

ip route-static 10.0.1.0 255.255.255.0NULL0

ip route-static 192.168.10.0 255.255.255.0NULL0

ip route-static 192.168.100.0 255.255.255.0NULL0

#

snmp-agent

snmp-agent local-engineid800007DB0380FB06AD7353

snmp-agent community read cipher%$%$eLJ-T}@q2<h~wA>;JzQ!XH~6%$%$

snmp-agent community write cipher%$%$.<ZSB[0PB0ZxV>3+>HwCY<3*%$%$

snmp-agent sys-info version v2c v3

#

user-interface con 0

 authentication-mode password

 setauthentication password cipher%$%$$r0J4=U$nF{+"pQ0<7E@,qh_fo)\&K&o-PySS^:bk;[8.wni%$%$

user-interface vty 0 4

 authentication-mode aaa

user-interface vty 16 20

#

return

转载于:https://blog.51cto.com/magiccloud/1438746