REFERENCE ARCHITECTURE

Migrating Workloads to VMware Cloud on AWS

Overview

The benefits of moving workloads from your on-premises data center to a public cloud provider such as Amazon Web Services (AWS) are well known. These benefits include reduced CapEx and an overall shift to more predictable OpEx spending, accelerated innovation and faster application deployment, and greatly improved scalability. Users of VMware Cloud products have the option of utilizing VMWare Cloud on AWS in order to extend, migrate, and protect their VMware environments to AWS for a seamless hybrid cloud environment. VMware Cloud on AWS delivers a wide range of enterprise-grade capabilities, simple and consistent operations, and flexible consumption, all within the familiar VMware environment.

When faced with migrating workloads to VMware Cloud on AWS, IT operators that oversee BIG-IP deployments in their on-premises data centers—including workloads that are part of a VMware SDDC (software-defined data center) within those on-premises locations—might be concerned about losing the valuable application services they’ve come to count on from F5, or sacrificing all the hours already put into creating and maintaining applications, services, and configurations across a myriad of physical and virtual devices.

Such concerns are entirely unfounded.

Our Approach

F5 and VMware share a common vision that users should have access to their applications from any device, anywhere in the world, without compromising security and performance. We are committed to supporting digital workspaces that perform consistently, no matter where those workloads originate across various types of public, private, and hybrid cloud data center platforms. In addition, we provide all the tools to ensure you can easily and securely migrate your workloads from one platform to another.

Whether your VMware SDDC is on-premises or in VMware Cloud on AWS, you will still use vCenter to deploy and manage your apps; and whether on-premises or in VMware Cloud on AWS, you will still use the same BIG-IP solutions and can still leverage BIG-IQ Centralized Management as a central point of control and benefit from consistent policies and procedures across clouds.

Together, F5 and VMware solutions support a range of migration options (see Recommendations, below) and can help ensure all your critical configurations are safely migrated alongside your applications and data.

Architecture Overview

From the IT manager’s viewpoint, there is little to no difference in how your VMware SDDC workloads are managed on-premises versus in VMware Cloud on AWS. As Figure 1 shows:

  • F5 protects your VMware workloads in both environments.
  • BIG-IQ Centralized Management deploys and manages workloads in both environments.
  • VMware vCenter deploys and manages your applications in both environments.

Additionally, BIG-IP can be utilized to create a VPN between your on-premises solutions and your new VMware Cloud on AWS deployment in order to securely migrate applications and workloads via SSL.


Figure 1: Multi-site Reference Architecture

Addressing the challenges of workload migration requires advanced and programmable application delivery services that span private data centers and cloud providers, providing business flexibility and enabling a successful migration. BIG-IP delivers a unified platform that enables users to deliver and manage application services and associated policies in a consistent way across their application environments for existing applications as well as new cloud-native applications.

Post-migration, BIG-IP virtual editions (VEs) deliver a broad range of intelligent application and networking services, from acceleration, optimization, and intelligent traffic management (both local and global), to DNS, advanced application access, and network security. These services can be fully integrated as part of the application stack and configured automatically. In many cases, these services are likely already deployed in your data center, and after migration to VMware Cloud on AWS, they remain unchanged.

Recommendations

Details about hybrid migration—migrating virtual machines between an on-premises data center and a VMware Cloud on AWS SDDC—are available from VMware. Hybrid migration use cases require a number of prerequisites and configurations to ensure compatibility of virtual machines, as well as appropriate network bandwidth and latency to support migration. Hybrid migration use cases include:

  • Migration with VMware vMotion from an on-premises data center to a VMware Cloud SDDC: In this situation, a pair of BIG-IP on-premises systems are matched with a pair of BIG-IP systems in the cloud, enabling vMotion to remain active (and your applications to remain in use) throughout the migration. As each of your apps is migrated, the accompanying BIG-IP configurations can also be migrated with BIG-IQ Centralized Management (as shown in Figure 1, above).
  • Migration with vMotion from cloud SDDC to an on-premises data center (with some restrictions): This is similar to the previous option, except that applications and BIG-IP configurations are moved in the opposite direction (from cloud to on-prem).
  • Cold migration from an on-premises data center to a cloud SDDC and from a cloud SDDC to an on-premises data center: Unlike the previous scenarios, in which your applications remain in use while they are migrated one-at-a-time, cold migration requires your applications be taken offline during migration. This does, however, simplify the procedure as all your BIG-IP configurations are moved as a comprehensive unit and will require very little, if any, reconfiguration.
  • Using VMware HCX, bulk migration, migration with vMotion, and cold migration from an on-premises data center to a cloud SDDC and back: As with all the previous scenarios, when both sides (on-premises and cloud) are appropriately configured, BIG-IQ Centralized Management ensures your BIG-IP policies can be moved back and forth across on-premises and cloud to maintain consistency with your applications and data.

For larger systems, it is typically recommended to scale out the app servers across multiple virtual machines. This could be a 3-tier setup, as shown in Figure 2, or any other application architecture such as a containerized microservices architecture. One of the benefits of VMware Cloud on AWS is hybrid mobility—the ability to move workloads with zero downtime between on-premises and cloud. It is not unusual, however, for performance to be temporarily impacted during these migrations.


Figure 2: Three-tier migration

Considerations
Scalability and Availability

Moving your application delivery platform to a cloud service like VMware Cloud on AWS can have an immediate, positive effect on scalability. Where scalability of an on-premises solution is limited by the physical resources already deployed—or contingent on the deployment of new resources—a VMware Cloud SDDC on AWS can quickly scale virtual resources to meet the ever-changing demands of virtual machines.

BIG-IP Local Traffic Manager (LTM) and BIG-IP Application Policy Manager (APM) are ideally suited to such environments, with the ability to handle thousands of sessions (depending on the platform) and remain highly scalable to ensure all your users have access to their apps anytime, anywhere. BIG-IP also reduces data center-associated costs by lessening the need for constant upgrades (“destroy and re-deploy”) and cutting back on standard maintenance operations. These BIG-IP benefits, as well as the ability to concurrently deliver high availability across multiple sessions from multiple products, follow your integrated BIG-IP and VMware SDDC deployment whether it is on-premises or in VMware Cloud on AWS.

Manageability

Ease and consistency of management is one of the primary reasons users choose to deploy F5 BIG-IP systems and VMware SDDC alongside one another. Whether on-premises or in VMware Cloud on AWS, F5 BIG-IQ Centralized Management can deploy and manage your F5 solutions and VMware vCenter can deploy and manage your applications in the SDDC. After migration to VMware Cloud on AWS, you have access to all the same tools, process, procedures, settings, and configurations that you had originally set up for your on-premises deployment.

Security

Whether on-premises or in VMware Cloud on AWS, your applications have to be secure. Protecting against sophisticated, blended L3–7 security threats, where multiple types of volumetric DDoS attacks are combined with app-layer attacks (OWASP Top Ten, cross-site scripting, SQL injection, etc.) has never been more critical. When faced with such threats, IT managers need consistency of access and application security policies from their security tools, lest they inadvertently increase attack surfaces and expose vulnerabilities related to provisioning and de-provisioning access. BIG-IP solutions give your organization the ability to replicate and enforce consistent and proven security policies and access across your private data center and the cloud.

During migration, BIG-IP serves the very important role of creating a VPN between your on-premises solutions and your new VMware Cloud on AWS deployment. In this way, you can be assured that all data is fully encrypted via SSL while it makes the trip from your data center to the AWS servers.

Summary

As enterprises undertake plans to migrate critical applications to the cloud, the proven benefits of application delivery using the BIG-IP platform can easily be ported to cloud application workloads. Doing so addresses many of the challenges and concerns users might have regarding public cloud adoption, including consistent security across all application infrastructures.

An integrated F5 and VMware Cloud on AWS migration solution leverages F5 BIG-IP application services and BIG-IQ Centralized Management capabilities to deliver critical application availability, performance, and security to your VMware SDDC—regardless of location. With flexible licensing models available in the leading cloud marketplaces, enterprises can plan, stage, and deploy these services to the public cloud. Together, F5 and VMware enable enterprises and organizations to confidently transition workloads to single- and multi-cloud environments while maintaining visibility, security, and control.

Published October 23, 2019
  • Share to Facebook
  • Share to X
  • Share to Linkedin
  • Share to email
  • Share via AddThis