This article discusses solution architecture for leveraging WebSphere Application Server 9 Intelligent management capability with VMWare offering on IBM Cloud to help customer deliver robust scalable and highly available Infrastructure with WebSphere and IBM Cloud. This architecture could be useful in scenarios where customer already has a VMWare Infrastructure in their data centers and want to expand their capacity without buying additional hardware Infrastructure by leveraging IBM Cloudâ€™s VMWare offering. This scenario constitutes to the case of capacity expansion for both VMWare and Application Infrastructure. A VMware Infrastructure environment provides additional management capabilities that help optimize the infrastructure resources used by both WebSphere applications and other application types in an enterprise data center. IBM WebSphere Application Server Network Deployment delivers world-class clustering and near-continuous availability, with advanced performance and management capabilities for mission-critical applications. Before designing such Infrastructure, one should check for network latency and opt for the nearest IBM Cloud data center. Â
Intelligent management is one of the key capabilities of WebSphere Application Server which comprises of Application Placement Controller, Automatic Request Flow Management, and Health Management are known as HA Managed items. Intelligent management also helps dynamically create server Instances based on predefined SLAâ€™s such as CPU, Memory utilization and request load etc. This feature is referred to as dynamic clustering. Prior to this we use to have static clustering where in customer use to define fixed number of application server instances to be part of their cluster and have to manually Increase these Instances as and when need arises. Through dynamic clustering customers can define initial instances and scale out instances in admin console or through scripts.
As be seen in the above diagram initial WAS infrastructure is started with two instances and as predefined SLA preaches the instances scale out as per defined policies. Â The overall end-end architecture is as below. The IBM HTTP Server Plugin comes with ODR capabilities and hence one can Intelligently route requests directly through HTTP Server to dynamic cluster.
VMWare on IBM Cloud
The IBM Cloud for VMware Solution offerings enable existing VMware virtualized datacenter clients to extend into the IBM Cloud or to house cloud native applications. This permits use cases like capacity expansion into the cloud (and contraction when not needed), migration to the cloud, disaster recovery to the cloud, backup into the cloud and the ability to stand up a dedicated cloud environment for development, testing, training, lab or production.
The IBM Cloud for VMware solutions provide automation to deploy VMware technology components in IBM Cloud datacenters across the globe. The offerings in this solutions portfolio include the following VMware vSphere products within an automated deployed and configured cluster:Â
- VMware Cloud Foundation (VCF): vSphere ESXi, Platform Services Controller (PSC), vCenter Server Appliance, SDDC Manager, NSX, and vSAN.
- VMware vCenter Server (VCS): vSphere ESXi, Platform Services Controller (PSC), vCenter Server Appliance, NSX, and optionally vSAN
With VMWare cloud foundation one can manage complete VMWare Infrastructure â€“ On-Premise or on Â Cloud through a single console i.e one will have single VCenter server to manage multiple Infrastructures and this adds to one of the key advantages to WebSphere Infrastructure which we will discuss further in this article.
WebSphere with VMWare
WAS 9 currently supports VMWare Infrastructure 3 platform. To configure Intelligent Management to work with VMware Infrastructure 3 platforms, you must configure security so that the servers can communicate with each other and configure custom properties on your deployment manager to define the vCenter or ESX servers. Â The Intelligent Management configuration depends on VMware configuration with the following three below mentioned scenarios:
- If using only ESX servers, WAS must be configured enough of the individual servers to make Intelligent Management aware of the physical servers and virtual machines in the environment.
- If using a vCenter server to manage the VMWare environment, one can connect to the vCenter server, which establishes communication with all of the virtual machines and servers that the vCenter server manages. One do not need to connect to each ESX server. If a vCenter is available, the best practice is to connect to the vCenter server instead of each ESX server.
- If running multiple vCenter servers with a Microsoft Cluster Server (MSCS) to provide high availability, you can configure the key stores and custom properties for each vCenter server.
Enhanced portability option for VMware clients to take better advantage of the speed of the cloud and economics by enabling them to easily extend their existing workloads, as they are, from their on-premises, software-defined data center (SDDC) to the cloud. The solution takes advantage of jointly designed architecture by VMware and IBM to automatically provision pre-configured VMware SDDC environments, which consist of VMware vSphere, NSX, and Virtual SAN on the IBM Cloud. The VMware SDDC environment allows customers to deploy workloads into this hybrid cloud environment without modification because of common security and networking models that are based on VMware.
This article focuses on scenario 2 where VCenter server on IBM Cloud is being leveraged to manage complete VMWare Infrastructure. Â This configuration is supported on Solaris Operating Environment on Intel hardware, Windows, or Linux x86 operating systems.
VMware Dynamic Resource Scheduler (DRS), part of VMware Infrastructure, dynamically allocates and balances computing capacity across a collection of hardware resources aggregated into logical resource pools. VMware DRS continuously monitors utilization across resource pools and intelligently allocates available resources among the virtual machines based on pre-defined rules that reflect business needs and changing priorities.
VMWare DRS is part of VMWare VMotions service.
Scaling WebSphere Application Infrastructure - Burst into the Cloud
WebSphere virtual machines runs on VMWare Hypervisor called ESX which is deployed on Indivisual servers in customer’s data center or on cloud. In the event of all VMware ESX hosts being fully utilized, and where predefined service level agreements cannot be met, an additional ESX host (Cloud etc) can be added to your VMware Infrastructure environment to provide a larger resource pool to handle the extra load. VMware DRS will automatically allocate additional resources from the newly added ESX host instance by placing virtual machines among the physical servers. You can set WebSphere Application Server to recognize these virtual machines automatically and, in turn, route workloads to them trough initial configurations mentioned earlier. Intelligent Management can contact VMware through Web services to keep note of these scale out machines. One needs to configure this communication in the administrative console by creating cell-wide custom properties.
The WebSphere nodes on IBM Cloud are federated to deployment manager(Dmgr) on customer DC. Â
North South Traffic Flow
North-South traffic flow comprises of data movement from Internet to WebSphere Infrastructure. In this use case customer can leverage is on premise load balancer for traffic management or F5 load balancer which comes with VMWare offering. Customer can also opt for citrix netscaler offering on IBM Cloud if required. Here we will focus on F5 load balancer.
F5 Load Balancer with WebSphere Infrastructure
F5 load balancer can optimize IBM WebSphere at many layers: in front of the IBM HTTP Servers, between HTTP Servers and WebSphere Application Servers, or to eliminate the HTTP layer altogether. By configuring the BIG-IP LTM system within the WebSphere infrastructure F5 provides a number of benefits, including simplification of the infrastructure, L4-L7 load balancing, application level health monitoring, SSL offload and intelligent load balancing. While high availability remains the central goal of BIG-IP LTM, reducing complexity in an another complex environment allows organizations to spend more time on the important aspects of the architecture such as application delivery, intelligent reporting, and gathering granular statistics from the environment. IBM offers F5 load balancer with its VMWare offering. Details could be found here:
Key Advantages of F5
- Reduces the complexity of WebSphere deployments, including removing the need for an additional HTTP layer.
- Ensures application health by determining the availability of a specific application based on the URI being requested and the port used by the application.
- Enables better visibility through analytics and provides a granular understanding of how many sessions are established to each WebSphere Application server and the ability to limit these sessions using various metrics.
- Reduces the load on the WebSphere servers by taking on the following tasks:
- SSL processing: the BIG-IP system terminates SSL requests at the front end and delivers Â Â Â HTTP requests to the backend.
- TCP optimizations: the BIG-IP system reduces the number of requests to the servers using HTTP Request and Content caching.
- Connection pooling: The One Connect feature on the BIG-IP system reduces the number of server-side connections that a server must open by using existing server-side connections for multiple new client-side requests.
F5 Licensing with VMWare on IBM Cloud
The following licensing options are available for BIG-IP VEs with VMWare Cloud Foundation and VCenter offerings on IBM Cloud:
Good: This offer leverages the BIG-IP Local Traffic Managerâ„˘ (LTM) VE, operating as a full-proxy architecture, to provide intelligent local traffic management, complete SSL traffic visibility, and analytics and health monitoring to ensure application servers are always available to your users.
Better: This offer is built on the benefits of the Good option, with the addition of BIG-IP DNSâ„˘, BIG-IP Advanced Firewall Managerâ„˘ (AFM), and BIG-IP Application Acceleration Managerâ„˘ (AM) modules. It delivers global traffic management services, application performance optimization, and advanced network firewall and Distributed Denial of Service (DDoS) mitigation capabilities.
Best: In addition to the Good and Better offers, BIG-IP Application Security Managerâ„˘ (ASM) provides comprehensive application protection against L7 DDoS, Open Web Application Security Project (OWASP) top 10 threats and common application vulnerabilities. BIG-IP Access Policy Managerâ„˘ (APM) offers users secure, simplified access to applications located anywhere within a multi-cloud environment, incorporating features such as SSO (Single Sign-On) and MFA (Multi-Factor Authentication).
Architetcure with F5
Customer firewall is being used for further protection between F5 and WAS Infrastructure in his DC. The communication between customer DC and IBM Cloud private network is through IPSec or Direct-Link connectivity which logically
Leveraging Cloud burst capabilities through VMWare on IBM Cloud customers can securely leverage capacity of IBM Cloud data centers to bring down the cost, time and effort they would otherwise requires procurement, installation and configuration of additional hardware in their data center. VMWare on IBM Cloud helps build centralized managed seamless integrated hybrid Infrastructure to meet such capacity requirements.