Starting on 28 March 2024, VMware Shared will no longer be available for new deployments. Existing instances will continue to be supported until 15 January 2025. Ensure that you migrate all your VMware Shared resources to IBM Cloud® for VMware as a Service by 15 January 2025. For more information, see End of Support for VMware Shared deployments.
The IBM Cloud® for VMware Solutions Shared offering provides standardized and customizable deployment choices of VMware® virtual data center environments. With VMware Shared virtual data centers, you can quickly and seamlessly migrate or deploy
VMware workloads to the cloud, on IBM-hosted VMware infrastructure. IBM provides a self-service on-demand VMware cloud computing platform with VMware Cloud Director running on IBM Cloud. This Infrastructure as a Service (IaaS) on-demand offering
provides the option to use specific virtual CPU (vCPU), storage, vRAM, Network, and IP, as needed.
VMware Shared has the following IaaS subscription service types:
Multitenant on-demand virtual data centers
Multitenant reserved virtual data centers
You can manage the lifecycle of virtual data centers by using VMware Shared. The following functions are supported when you use the VMware Cloud Director Management console or public API:
Virtual data center creation
Virtual data center elasticity
Virtual data center deletion
VMware Shared comes standard with five public IP addresses on an NSX Edge Service Gateway with unlimited ingress over the public network.
Virtual data centers incur charges for the following components:
Storage allocations with tiered pricing based on storage performance
vCPU usage
Virtual memory usage
Egress on public networking
Commercial operating system licenses used
Optional VMware services
VMware Shared architecture
The following graphic depicts the high-level architecture and components of VMware Shared deployment.
Figure 1. VMware Shared architecture
VMware Cloud Director
This layer represents the management interface. VMware Cloud Director provides role-based access to a web-based tenant portal. The portal allows the members of an organization to interact with the organization's resources to create and work
with vApps and virtual machines (VMs).
The supported version of VMware Cloud Director is v10.4.1 and it supports up to virtual hardware version 19.
Organization
An organization is a unit of administration for a collection of users, groups, and computing resources. Users authenticate at the organization level, supplying credentials established by an organization administrator when the user was created
or imported. Organization administrators manage organization users, groups, and catalogs.
Users and policies
An organization can contain an arbitrary number of users and groups. Users can be created locally by the organization administrator or imported from a directory service such as LDAP. Permissions within an organization are controlled through
the assignment of privileges and roles to users and groups.
Catalogs
Organizations use catalogs to store vApp templates and media files. The members of an organization that have access to a catalog can use the catalog's vApp templates and media files to create their own vApps. Organizations administrators
can copy items from public catalogs to their organization catalog.
Virtual data centers
An Organization virtual data center provides resources to an organization. Virtual data centers provide an environment where virtual systems can be stored, deployed, and operated. They also provide storage for virtual CD and DVD media. An
organization can have multiple virtual data centers.
Figure 2. VMware Shared virtual data center architecture
Sites
A site is a Cloud Director instance that is set up over a set of zones in a multizone region. An account can have only one organization in one Cloud Director instance that provides a one-to-one relationship between a site and a Cloud Director
organization.
For example, the following graphic depicts two Cloud Director instances, VCD1 and VCD2. The clusters span across the dal10 and dal12 locations. Two organizations, Org A and Org B belong to the same customer
and one organization, Org C belongs to a different customer.
Figure 3. VMware Shared site architecture
Role-based access policies (VMware Shared V4.8 and later)
Role-based access control is achieved by using a site and organization IAM policy for VMware Shared resources.
Table 1. Site and Organization IAM policy control for VMware Shared
Access policy level
Access
Site/Org IAM Policy
Exposed and active
VDC IAM Policy
View and delete only
Global Resource List
Organizations only
VMware Console Resource List
Organizations and associated virtual data centers only
For VMware Shared versions earlier than V4.8, role-based access control is achieved by using a virtual data center IAM policy for VMware Shared resources.
Table 2. Virtual data center IAM policy control for VMware Shared
Access policy level
Access
Site/Org IAM Policy
Hidden
VDC IAM Policy
Exposed and active
Global Resource List
Virtual data center only
VMware Console Resource List
Virtual data center only
Access policy updates
You have access to your sites only to assign access policies. The access policy at the site level applies to every resource within it. You don't assign access control directly to a virtual data center.
For more information about assigning resource access and roles, see:
If you have multiple resource groups with different virtual data centers from one specific location, only the resource group that contains the first virtual data center of that location (based on creation date) applies to all of the virtual
data centers in that location. Policies apply to the resource group that contains the first virtual data center or you can set a policy at the VMware Solutions service level.
If all of your virtual data centers are in a single location and belong to only one resource group access policy, your site automatically belongs to the same resource group as the virtual data center.
Your existing group membership has sites that are listed instead of virtual data centers. The site for a virtual data center belongs to a resource group only if the virtual data center was the first virtual data center of the site.
Virtual data center based access policy updates
A new access policy is required at the VMware Solutions service level for all your resources.
Virtual data center based access policies are named after the site. If you did not make the required policy updates before the V4.8 release, your virtual data center based policy is ineffective.
Technical specifications for VMware Shared
The following components are included in your virtual data center:
Compute
Compute processing is allocated to virtual data centers in vCPU increments. Each vCPU increment represents a single 2.0 GHz core. Compute memory is allocated in GB increments.
Networking
By default, every virtual data center comes configured with one advanced edge gateway with five public IP addresses and one private service IP address. The advanced edge gateway is customer configurable and can be customized.
The public IP addresses can be used for public facing vApps for inbound or outbound public internet traffic.
The service address can be used for access to IBM Cloud infrastructure services on the IBM Cloud internal private network, including the following services:
NTP
Windows® operating system licensing and updates
Red Hat Enterprise Linux® operating system licensing and updates
Cloud Object Storage
Storage
When you create or deploy vApps or VMs, you can select either an unencrypted or encrypted storage policy. Each option has six different tiers of storage available, depending on the storage performance required.
Storage policy availability can vary by region and deployment topology.
Unencrypted storage policy options
Standard - The storage tier with no maximum throughput. The number of IOPS/GB is not guaranteed.
10 IOPS/GB - The storage tier with a maximum throughput of 10 IOPS/GB, the highest guaranteed performance.
4 IOPS/GB - Storage tier with a maximum throughput of 4 IOPS/GB.
2 IOPS/GB - Storage tier with a maximum throughput of 2 IOPS/GB.
0.25 IOPS/GB - Storage tier with a maximum throughput of 0.25 IOPS/GB.
vSAN™ - No IOPS limitation.
Standard is the default policy for virtual data centers.
Encrypted storage policy options
Encryption-enabled storage policies are available to all Organization virtual data centers. Encryption protects not only the VMs but also VM disks and other files. Administrators can encrypt VMs and disks by associating the VM or disk with
a storage policy that has the VM encryption capability.
Standard - Encrypted. The storage tier with no maximum throughput. The number of IOPS/GB is not guaranteed.
10 IOPS/GB - Encrypted. The storage tier with a maximum throughput of 10 IOPS/GB, the highest guaranteed performance.
4 IOPS/GB - Encrypted. Storage tier with a maximum throughput of 4 IOPS/GB.
2 IOPS/GB - Encrypted. Storage tier with a maximum throughput of 2 IOPS/GB.
0.25 IOPS/GB - Encrypted. Storage tier with a maximum throughput of 0.25 IOPS/GB.
The encryption storage policies do not currently work with VM customizations. To resolve this issue, you can use encryption storage policies after a VM is deployed and customized by using the unencrypted storage policies. For more information,
see Changing the general properties of a virtual machine.
Standard-Catalog storage policy
Select the Standard-Catalog storage policy to upload vApp templates and any media to your catalog. The Standard-Catalog storage policy does not deploy vApps and VMs, is unencrypted, and has no IOPS restrictions.
The Standard-Catalog storage policy always spans all virtual data centers in the region so you can access media files from any virtual data center regardless of the data center zone.
Maximum disk size
The maximum disk size is 16 TBs per disk for the 0.25 IOPS / GB, 2 IOPS/GB, 4 IOPS/GB, 10 IOPs / GB, and Standard storage policies.
The maximum disk size is 62 TBs per disk for the vSAN storage policy.
Maximum host capacity
The maximum host capacity for a single VM has the following specifications:
80 vCPU
1.5 TB RAM
Storage is not limited
Open virtualization appliance (OVA) size is limited to 300 GB. You can use the Open Virtualization Format (OVF) Tool for uploading larger OVAs.
Managing user access with Identity and Access Management
The IBM Cloud Identity and Access Management (IAM) offering controls user access to IBM Cloud for VMware Solutions service instances. For more information about IAM, see Managing user access with Identity and Access Management.
