Every day I see an email thread or 10 about questions related to various aspects about vCloud Air. Primarily it has to do with what a user has access to within the service. I figured I’d do a quick personal blog post to address some of this. I know where some of these things come from because I was a customer previously so the thought process for many of these is from the vSphere Administrator view of the world. These are in no particular order, they are just a few of the things I have seen asked a few times.
Can I access the vCenter Running vCloud Air?
Easy answer….no. This is considered part of the provider controlled management stack. In a Virtual Private Cloud, which is shared, imagine if multiple tenants all had vCenter access, it just does not work. There is the argument in a dedicated cloud that only you are the tenant, but even for the “protect the user from themselves” aspect we still do not allow it. This means only the vCloud Air operations team has access to make changes, but as we all know, when running vCloud Director….you don’t want people in vCenter.
Can I use 3rd Party Software in vCloud Air?
The answer is….it depends. If it is a stand alone virtual appliance, then sure. It it uses the vCloud API’s….also no problem. If it requires vCenter Access, refer to the first question. Anything that needs direct vCenter access will not work since you don’t have visibility or access to it. I will point out this is no different in most any vCloud based provider, we all control access to that vCenter below the covers.
Can I use Anti-Affinity Rules?
This is actually a common question and today vCloud Director does not support exposing that within itself or the vCloud API’s. Therefore the function only exists in vCenter, so again refer to Question #1.
Can I Install Horizon View?
Most people use Composer which, again, needs vCenter access. I have installed very basic desktops and manually managed them with just a connection server and security server, but it’s not ideal. This is why we saw this week the announcement around Desktop As A Service that is running on top of vCloud Air. It’s deployment leverages other means to manage those desktops and vCloud Air is just the Infrastructure running the workloads.
Can I Use My Own Storage via Direct Connect?
When connected with Direct Connect or Cross connect, you are able to access network based storage that is not delivered as a part of vCloud Air. This means NFS or iSCSI, but only manually configured from within the guest itself. It would not appear as a managed object of the service. It’s not possible to mount customer iSCSI storage directly to physical hosts as VMFS or NFS volumes, even in the case of Dedicated Cloud because we don’t allow access to the hosts. Simply put, all storage must be accessible at the guest level once connected via direct connect or cross connect.
Can I Do Nested ESXi?
This is a tricky one. Technical you can install ESXi in vCloud Air, but the catch is any virtual machines running on the nested hosts will not have network access. This is because you generally need promiscuous mode enabled, and that’s not setup on a hosted style environment for security reasons. Also it is also not a use case supported by GSS. So you can mess around with it just understand not everything might work and you won’t be able to get support help on it as a supported guest operating system.
Can I get Special Permission to do ‘Stuff’ Outside of the Standard Offerings?
Ultimately, it’s a service that is standardized for all consumers. I see requests every day for 1-off type requests and most times they go in as a feature request if it makes sense on a large scale. Product Management and Engineering prioritize it so it can be evaluated and possibly “Productized” for everyone’s benefit. Many things you see in the service today came out of such requests. That being said, generally things to be done custom for one tenant as a 1-off I don’t see happen until it becomes “productized”
I think you see where I am going here, but instead let’s focus on the fact there is a lot you CAN do with vCloud Air, as I have shown many times, so get out of your own head about what you think you cannot do. The thing you have to remember is you are a tenant. You don’t own the infrastructure or architecture in any public cloud provider. It’s not Co-Location where you still own the hardware assets and can do whatever you want within your cage. You have to think like a consumer of a service, but there is a very long list of the things you can do if you can just let go of the fact you don’t have system or administrator level access to the management stack.
Picture it this way. You are building a private cloud on premises. You certainly would not let the users log right into vCenter I hope. You’d use vCloud Automation Center, or something else to front end your cloud. You would be doing the same thing a public provider is doing to protect your infrastructure and provide the resources the users need. You can still treat vCloud Air as another data center in your network, and direct workloads to it, and leverage the compute and storage VMware is managing for you under an SLA.
The bottom line is you just have to think differently, and think outside the box on how you can truly leverage a VMware based public cloud, get the applications you want moved easily, and trust the infrastructure it is built on. To do that you just need to stop thinking like an administrator and start thinking like an Architect.