VCenter On Demand

Foreword: the need for a private cloud

For many companies, a significant portion of their IT needs cannot be met by a standard public cloud solution. This is particularly true for:

  • legacy applications that require a specific operating system and environment to run and be updated,
  • data privacy and isolation,
  • enhanced security,
  • data traceability, controlled location and proximity,
  • the fully dedicated performance provided by dedicated servers,
  • compliance with regulations and applicable European law,
  • the customer’s control over the infrastructure maintenance/update schedule.

Orange Business responds to all these needs by offering the Cloud Avenue [Private] service, which provides dedicated computing/storage resources for each customer.

With a streamlined and standardised architecture choice, Cloud Avenue [Private] is designed for customers who are looking for the essential features and benefits of a private cloud while benefiting from lower costs and faster implementation.

Service overview

Cloud Avenue [Private] (aka vCenter On Demand or vCoD) is a dedicated VMware hyper-converged cloud service hosted on the Orange Business Cloud Avenue platform in Orange datacenters located in France.

Cloud Avenue [Private] provides fully dedicated computing/storage resources and management infrastructure, physically isolated from other customers.

It offers a wide range of configuration options to meet all needs, from 30 VMs upwards, and can be deployed on one or two sites.

It is a secure Infrastructure-as-a-Service (IaaS) solution, operated on a self-service basis by the Customer, which can be supplemented by mutualized options from the Cloud Avenue catalogue and, for specific needs, by dedicated options in a tailor-made offer designed and operated by the Orange Business teams (such as dedicated backup, additional dedicated NAS/SAN storage bay, etc.).

Customers access and operate their resources via a BVPN or IPsec connection over the Internet.

Orange Business manages the entire underlying technical platform (servers, virtualisation layer, storage, network and security) for the Customer.

VCenter On Demand (aka vCoD) is the core of the Cloud Avenue [Private] service. It is an offer consisting of the following elements:

  • dedicated, physically isolated cluster based on modular “hyper-converged” servers
  • dedicated storage attached to the servers in vSAN
  • management device entirely dedicated to each cluster (see §3-Control plane)
  • dedicated virtual network
  • dedicated virtual security
  • shared physical network
  • shared physical security


vCoD is based on an automated platform with the following characteristics:

  • VMware Cloud Foundation Platform (vCF)
  • high level of integration and automation
  • migration and disaster recovery included (VCDA)
  • overlay network operated with NSX-T

Service location

Geographical presence

The Service is available in France and hosted in Orange datacenters located in France, at the Val-de-Reuil and Chartres sites.

Cloud Avenue [Private] is offered by default in a single site configuration but can be proposed in a dual site configuration to provide a reinforced service continuity solution.

The two available sites are separated by 100km, allowing for low inter-site latency, which is ideal for the extended cluster option of the Cloud Avenue [Private] service.

Regardless of the configuration envisaged (single or dual site), the customer has the choice of the primary site for the implementation of its cluster (Val-de-Reuil or Chartres).

Inter-site connectivity

The service uses a 2x 100Gbps physical dark fiber link to provide inter-datacenter resilience and benefits from low latency (<5ms) between the 2 sites.

Applicable law

The offer is provided by Orange Business, the location of the datacenters and customer data is on French territory, the applicable law therefore remains under French jurisdiction, beyond the reach of extraterritorial laws such as the US Cloud Act.

Dedicated control plane

The control plane is fully dedicated for each Cloud Avenue Private customer and installed within its cluster.

The management infrastructure (the control plane) includes different software from the VMware suite to provide the necessary functionalities for the optimal operation of a dedicated infrastructure:

  • vCenter
  • vROps
  • NSX-T Manager
  • VCDA

Management interface

Each customer has its own dedicated vCenter.

In Self-Service, the resource management is done, at the customer’s choice, via:

Direct access to the vCenter API

The customer is free to use his own CMP (Cloud Management Portal) to manage the resources, via API.

vCloud Director Portal (vCD)

  • paid option
  • for very large environments
  • management tool on top of vCenter
  • standard service catalogue
  • service scope:
    • management of VM resources (detailed management),
    • template creation, image import,
    • advanced configuration modification (in VMs, VM hardware profile),
    • capacity alerts (cluster level),
    • storage profile management (replicated or default performance), with a level of granularity at the VM level.

vRealize Automation (vRA) portal

  • paid option,
  • graphical user interface,
  • customisable to customer requirements,
  • access control management with predefined profiles and roles within the customer’s organisation (business groups),
  • enriched service catalogue,
  • scope of service:
    • deployment and management of virtual instances (simplified management),
    • image catalogue and blueprints in 1 click (a catalogue of standard blueprints is available to the customer, customised blueprints are subject to additional invoicing),
    • overview of resource pools (by function or by activity group),
    • capacity alerts (at resource pool level),
    • blueprint-based storage profile at VM granularity (+ optional encryption key),
    • native hybridisation capability with the public cloud.

These 3 methods of access to resource administration cannot coexist and the Customer must choose one of the three exclusively according to his level of expertise and needs.

Infrastructure implementation and management

Orange Business shall implement and configure the Cloud Avenue [Private] Service for the Customer. The implementation may be accompanied by personalized assistance to help the Customer in its migration to the Service.

Orange maintains the service in operational conditions and upgrades the components in compliance with the availability, security and performance commitments.

Infrastructure management covers the following activities:

  • design, sizing of the solution,
  • installation and configuration of servers,
  • administration, maintenance and support,
  • monitoring and management of incidents and changes 24 hours a day, 7 days a week.

Server configuration

Cloud Avenue [Private] / vCenter on Demand is based on the principle of hyper-converged architecture.

The vCoD catalogue offers a family of 4 standardised servers of the latest generation (Gen 11) with progressive levels of capacity and performance to meet all use cases:

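Server type | Node model | Nb socket | Processor | Freq | Core | RAM
Small | 1A | 1 | Intel Xeon Gold 6526Y | 2.8 GHz | 16 | 256 GB
Small | 1B | 1 | Intel Xeon Gold 6526Y | 2.8 GHz | 16 | 512 GB
Small | 1C | 1 | Intel Xeon Gold 6526Y | 2.8 GHz | 16 | 768 GB
Medium | 2A | 1 | Intel Xeon Gold 6548Y | 2.5 GHz | 32 | 512 GB
Medium | 2B | 1 | Intel Xeon Gold 6548Y | 2.5 GHz | 32 | 1024 GB
Medium | 2C | 1 | Intel Xeon Gold 6548Y | 2.5 GHz | 32 | 1536 GB
XLarge | 3A | 2 | Intel Xeon Gold 6548Y | 2.5 GHz | 64 | 1024 GB
XLarge | 3B | 2 | Intel Xeon Gold 6548Y | 2.5 GHz | 64 | 1536 GB
XLarge | 3C | 2 | Intel Xeon Gold 6548Y | 2.5 GHz | 64 | 2048 GB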

Minimum configuration, maximum configuration and increments

The minimum configuration of a vCoD client cluster starts with 4 servers (starter kit). Growth is done in increments of 1 server.

Single-site

  • minimum 4 servers per cluster
  • maximum 28 servers per cluster

Dual-site

  • minimum 8 servers for dual site (4 servers per site)
  • maximum 56 servers for dual site non stretched (28 servers per site)
  • maximum 40 servers for dual site stretched (20 servers per site)

Server loss coverage by design

Orange Business has designed vCoD with native client cluster resilience. In case of failure or maintenance of a server, its workload is automatically distributed to the other servers of the cluster, without impact on data, volume and performance (e.g. for a cluster of 4 servers, the maximum usable capacity is capped so that it can be contained on 3 servers in case of unavailability or failure of 1 server).

The initial sizing and capacity planning take this possibility into account by limiting the maximum capacity of the entire cluster to n-1 servers (e.g. 3 servers for a cluster of 4 servers).

VMware’s high availability and the DRS/HA (Dynamic Resource Scheduling) function ensure distribution and restart on other available hosts.

Storage

The storage associated with vCenter on Demand is of the vSAN type. In terms of hardware, it consists of full flash SSDs with a raw capacity of 1.92, 3.84 or 7.68TB per unit.

There are 4 storage packages available:

  • 4 disks per server
  • 6 disks per server
  • 8 disks per server
  • 10 disks per server

Several types of vSAN configuration are available for the Customer to choose from. They are shown in the table below, together with their impact on the available usable storage.

vSAN configuration | Reduction in storage volume | Fault tolerance | Minimum number of servers
FTT = 1 / Mirroring | 2x | 1 | 3+
FTT = 1 / Erasure Coding | 1.33x | 1 | 4+
FTT = 2 / Mirroring | 3x | 2 | 5+
FTT = 2 / Erasure Coding | 1.5x | 2 | 6+
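
The sizing rules above (cluster limits, n-1 server loss coverage, storage packs and the vSAN table) can be checked together before ordering. The following is an added example, not Orange Business or VMware code. It assumes that usable storage is the raw capacity of n-1 servers divided by the table's reduction factor, ignores control plane consumption, and uses hypothetical policy key names.

```python
"""Sizing check for a single-site vCoD cluster (added example, not vendor code)."""
from __future__ import annotations
from dataclasses import dataclass

# Figures copied from the page: vSAN table, disk sizes, storage packs, cluster limits.
# Hypothetical key -> (reduction factor, faults tolerated, minimum servers)
VSAN_POLICIES = {
    "FTT1-mirroring": (2.0, 1, 3),
    "FTT1-erasure-coding": (1.33, 1, 4),
    "FTT2-mirroring": (3.0, 2, 5),
    "FTT2-erasure-coding": (1.5, 2, 6),
}
DISK_SIZES_TB = (1.92, 3.84, 7.68)
DISK_PACKS = (4, 6, 8, 10)
MIN_SERVERS, MAX_SERVERS = 4, 28  # single-site limits


@dataclass(frozen=True)
class ClusterSpec:
    servers: int
    disks_per_server: int
    disk_tb: float
    policy: str


def validate(spec: ClusterSpec) -> list[str]:
    """Return every rule from the page that the requested cluster breaks."""
    errors = []
    if not MIN_SERVERS <= spec.servers <= MAX_SERVERS:
        errors.append(f"servers must be {MIN_SERVERS}-{MAX_SERVERS}, got {spec.servers}")
    if spec.disks_per_server not in DISK_PACKS:
        errors.append(f"no storage pack with {spec.disks_per_server} disks per server")
    if spec.disk_tb not in DISK_SIZES_TB:
        errors.append(f"no {spec.disk_tb} TB disk in the catalogue")
    if spec.policy not in VSAN_POLICIES:
        errors.append(f"unknown vSAN policy {spec.policy!r}")
    elif spec.servers < VSAN_POLICIES[spec.policy][2]:
        errors.append(f"{spec.policy} needs {VSAN_POLICIES[spec.policy][2]}+ servers")
    return errors


def usable_storage_tb(spec: ClusterSpec) -> float:
    """Usable TB under the assumption stated above: raw capacity of n-1 servers
    divided by the policy's reduction factor. Control plane use is not modelled."""
    errors = validate(spec)
    if errors:
        raise ValueError("; ".join(errors))
    factor = VSAN_POLICIES[spec.policy][0]
    raw_n_minus_1 = (spec.servers - 1) * spec.disks_per_server * spec.disk_tb
    return round(raw_n_minus_1 / factor, 2)


def reprotects_after_server_loss(spec: ClusterSpec) -> bool:
    """True if the n-1 surviving servers still meet the policy's minimum server
    count, so the chosen policy can be fully re-applied while one server is down."""
    return spec.servers - 1 >= VSAN_POLICIES[spec.policy][2]


if __name__ == "__main__":
    # Constructed sample: 6 servers, 8 x 3.84 TB disks each, every policy in turn.
    for policy in VSAN_POLICIES:
        spec = ClusterSpec(6, 8, 3.84, policy)
        print(policy, usable_storage_tb(spec), "TB usable;",
              "re-protects after loss:", reprotects_after_server_loss(spec))
```

A cluster sized exactly at a policy's minimum server count passes validation but fails the last check: data stays within the stated fault tolerance, yet the policy cannot be rebuilt in full until the lost server returns.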

NSX options (Firewall – IDS/IPS – Load Balancer)

VMware NSX-T is the network virtualization and security component integrated into the VCOD offering.

Optional advanced features are available with NSX-T: Firewall Gateway stateful, Advanced Threat Protection (ATP), Advanced Load Balancer (ALB), Distributed Firewall.

They offer multi-layered threat protection, optimized load distribution and granular micro-segmentation for increased security and better application performance.

They complement and reinforce the safety and load balancing mechanisms already present in the basic VCOD offer.

Firewall Gateway stateful

  • It is the next generation perimeter firewall of NSX with dynamic filtering of North-South traffic for increased security, available on both level 0 and level 1 gateways.
  • Firewall Gateway stateful tracks and monitors the status of active network connections while analyzing incoming traffic and looking for potential risks related to traffic and data.
  • This feature is based on 1 Tier 0 Edge cluster and 1 Tier 1 Edge cluster.
  • It is available for single-site and dual-site stretched cluster VCOD configurations.
  • It consumes a predefined amount of resources on the control plane installed on the client’s VCOD infrastructure, but this is taken into account in the calculation of the available resources for the client.
  • It is offered by default by the VCOD service with Standard performance (3.5 Gbps bandwidth).
  • Optionally, the customer can subscribe to this feature in its High-performance Broadband version (up to 10 Gbps bandwidth).
  • It is billed per client cluster and on a monthly basis.

Advanced Threat Protection (IDS/IPS)

  • This optional feature is an enhancement of the Firewall Gateway stateful feature. It is based on the same sizing.
  • It provides advanced threat protection, including malware detection and intrusion prevention.
  • ATP uses behavioral analysis and machine learning techniques to detect and block zero-day threats, malware and suspicious activity. ATP also provides sandboxing capabilities to analyze suspicious files in a secure, endpoint detection and response (EDR) environment for complete threat visibility and control.
  • It is available for single-site and dual-site stretched cluster VCOD configurations.
  • It consumes a predefined amount of resources on the control plane installed on the client’s VCOD infrastructure, but this is taken into account in the calculation of the available resources for the client.
  • It is available in 2 versions, Medium and Large. The distinction is made on the size and bandwidth of edge nodes (3.5 Gbps for Medium, up to 10 Gbps for Large).
  • It includes a stateful Firewall Gateway component. Therefore, when selected, it replaces the stateful Firewall Gateway option alone.
  • It is billed per client cluster and on a monthly basis.

Advanced Load Balancer (ALB)

  • This optional feature enables intelligent load balancing and advanced application services for increased availability and performance.
  • The Advanced Load Balancer (AVI) is a modern, software-defined application distribution controller that provides advanced load balancing, application security and application acceleration services. It provides intelligent traffic distribution, high availability, enhanced security and deep analytics for traditional and modern applications deployed in multi-cloud environments.
  • It includes a WAF (Web Application Firewall) that protects web applications from malicious attacks by filtering and monitoring HTTP/HTTPS traffic. It acts as a shield between web applications and the Internet, blocking known attacks such as SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF).
  • It is offered as instances (Small, Medium or Large), depending on the size of the Service Engines:
    • Small – 1 vCpu, limit 100 virtual services
    • Medium – 2 vCpu, limit 200 virtual services
    • Large – 4 vCpu, limit 360 virtual services
  • It consumes a predefined amount of resources on the control plane installed on the client’s VCOD infrastructure, but this will be taken into account in calculating the available resources for the client.
  • It can be implemented in addition to the stateful or ATP firewall gateway features.
  • It is billed per client cluster and on a monthly basis.

Distributed Firewall

  • This optional feature provides granular workload-level security with distributed, micro-segmented security policies.
  • It allows you to create micro-segments to isolate sensitive applications and data, and enforce specific security policies at the VM level, regardless of the underlying physical network. This increased level of security and micro-segmentation limits the scope of attacks and enhances protection for sensitive data.
  • It can be implemented in addition to the stateful, ATP and ALB firewall gateway features.
  • It is billed per physical core deployed in the client cluster and on a monthly basis.

Sizing, Capacity management

Sizing

The sizing of the customer cluster is calculated according to the client’s needs (performance, storage replication, options) but also takes into account the coverage of the loss of a server and the resources consumed by the dedicated control plane.

Capacity management

Cluster capacity management is the responsibility of the Customer, both in terms of computing power and storage.

With the architecture chosen (standardisation and modularity of components) for Cloud Avenue [Private], the scaling of the Client cluster is optimal and can be carried out on several levels:

  • Computing resources, by adding additional servers,
  • Storage, by adding disks to the chassis storage module (up to 8 disks per server)
  • Site resilience, by implementing another cluster in a second datacenter.

Maintenance and update operations

The maintenance and update operations of the customer’s cluster are carried out by Orange Business. They concern security and maintenance patches and service packs offered by hardware and software providers.

Maintenance operations do not impact the operation of customer VMs.

Predefined maintenance and update ranges are provided for the vCOD service platform, on the following dates and times:

  • By default, every Tuesday from 00:00 am to 06:00 am (Paris Local Time)
  • Exceptionally, and for minor operations, maintenance can be carried out between 12:00 and 14:00 (Paris Local Time) from Monday to Thursday

For all scheduled maintenance, the customer is notified within 15 calendar days prior to the operation. This delay can be shortened if a patch or security patch must be deployed urgently.  

Possibility of customization: if the proposed date is inconvenient for the customer, they may contact the Service Provider to agree on an adjustment of the intervention schedule. This applies only to maintenance that concerns components dedicated to the client (client servers or control plane); a mandatory update cannot be deferred.

Orange Business ensures the traceability of all updates in a dedicated operating tool within its scope of responsibility. This data is kept by Orange Business for the duration of the contract with the Customer.

Backup

Mutualized backup

The standard Cloud Avenue [Private] optional backup service, based on the NetBackup 9.1 solution, enables the Customer’s data to be backed up on a daily, weekly or monthly basis and restored, when necessary, at a date chosen within the limits of the backup history.

The default backup platform is mutualized and separate from the Customer’s compute/storage infrastructure. It is located on the same site as the client cluster but in a separate room.

The backup and restore processes are managed by Orange Business and applied to the volume associated with the Customer’s cluster, at the image or file level (the operating system must be managed by Orange Business to allow backup at the file level). The scope of intervention of Orange Business covers the following areas:

  • Monitoring of the Customer’s backups,
  • Definition of the storage repository profile,
  • Restart of backups in case of failure,
  • Restoration at customer’s request,
  • Capacity planning of the backup platform.

VMs are backed up as described here.

Tailor-made dedicated backup

For specific needs (more advanced isolation, specific backup technology, sizing, etc.), Orange Business offers a dedicated backup solution, hosted in the co-location space, near the customer’s dedicated cluster.

This offer is entirely customised, based on a large catalogue of the main solutions on the market and is subject to a specific quote. It requires a minimum commitment agreed with the customer, which then extends to the entire Cloud Avenue [Private] solution.

Additional storage

For specific storage needs in terms of capacity or performance and alongside the vSAN storage associated with vCenter-on-Demand, Orange Business offers additional NAS or SAN storage solutions, shared or dedicated, from the Cloud Avenue catalogue or a custom-made offer.

Shared storage

This optional service is based on the shared storage offerings, Network or Object, of the Cloud Avenue catalog.

See the Network Storage page for details

See the Object storage page for details

Tailor-made dedicated storage

This optional service is based on a wide catalogue with the main solutions available on the market and is subject to a specific quote. It requires a minimum commitment agreed with the customer, which then extends to his entire Cloud Avenue [Private] solution.

The solution is hosted in the co-location space, near the dedicated cluster of the Client.

Colocation

Colocation enables equipment to be hosted outside the perimeter of the Cloud-Avenue infrastructure.

The racks dedicated to colocation can accommodate equipment that does not exist in the Cloud-Avenue hardware catalogue.

These slots can accommodate specific or obsolete technologies such as Oracle ODA, HSM, etc.

Hosted equipment can be managed by Orange Business on a case by case basis.

Cross-site resilience (extended cluster)

This service allows the Customer to use extended VM profiles, which means that each VM is replicated to two locations. It is based on an extended cluster implemented either between two rooms in the Orange datacenter in Val-De-Reuil, or in the two Orange datacenters in Val-de-Reuil and Chartres, which are approximately 100km apart.

The extended cluster benefits from the continuity of the high-speed network between the two data centres and very low inter-site latency, <5ms.

A minimum of 4 servers is required at each location (4+4) with the same number of servers on both sides and identical configurations.

Extended clusters are natively datacenter crash resilient infrastructures. In an extended cluster, the Customer can select which of the deployed VMs will automatically restart on the other datacenter in case of a major datacenter failure.

The storage security profile is granularly applicable to the VM level.

Monitoring, Reporting, Logs

Orange Business continuously collects all the technical metrics of the platform, whether they are VMs or objects hosted on the platform (infrastructure and virtual instance metrics).

The infrastructure metrics are then processed and the results are made available to the customer in the form of dashboards or reports:

  • dashboards (via vROps web access) with real-time cluster health and VM metrics,
  • reports (alert, change, capacity) automatically generated and sent by email.

Optional specific monitoring tools provide metrics on managed services (OS, Middleware, DDB, applications).

The customer accesses the monitoring and reporting tools via the CloudStore.

Internet access

The Cloud Avenue [Private] service includes by default an Internet access for the Customer to the Service.

The functional elements offered are as follows:

  • a redundant Internet connection to Orange’s two secure datacenters, SAS 70 type II certified, monitored 24/7,
  • allocation of public IP addresses in predefined ranges,
  • burst capability with a defined limit.

Subscription and order

The subscription to the Cloud Avenue [Private] / vCenter on Demand service is made through the Customer’s usual sales contact.

The Customer must order:

  • A “starter kit”, including a minimum pack of 4 servers (or nodes)
  • One or more additional servers, depending on the desired target configuration
  • A storage pack associated with the servers
  • Hardware or software options

Capacity increase orders are placed in the Customer portal.

Service price, Billing

The Service price includes hosting and provision of a dedicated infrastructure (hardware, software, licenses), infrastructure management, standard and optional services, support.

Cloud Avenue [Private] / vCoD billing is monthly, based on the number of physical servers. In detail, it depends on several criteria.

  • The vCoD cluster:
    • type and number of servers chosen (minimum 4 if mono site, 8 if dual site)
    • associated vSAN storage pack (size and number of disks per server)
    • cluster resilience model (single site or dual site extended cluster)
    • Gateway Firewall stateful feature (standard performance by default)
    • support level
  • vCoD cluster optional features:
    • vCoD User Interface (VCD or VRA)
    • OS licenses (WDC, Redhat)
    • NSX features
    • other VMware options (VCDA, Tanzu)
  • Cloud Avenue catalog optional features
    • mutualized backup
    • additional storage (NAS storage, object storage)
  • Tailor-made dedicated features hosted in colocation space
    • dedicated backup
    • dedicated storage bay

Option | Description | Billing mode | Calculation basis | Additional information
vCD | vCloud Director licence | monthly, price per customer | n/a | allows resources to be managed much more easily than with vCenter. If the Customer has a Public Cloud Avenue organisation, it will be possible to manage all resources from a single vCD portal.
vRA | vRealize Automation licence | monthly, price per server | per server type, all servers in the cluster counted |
Gateway Firewall stateful | NSX licence, see description in this document | monthly, price per Customer cluster | |
IDS/IPS | NSX licence, see description in this document | monthly, price per Customer cluster | |
ALB | NSX licence, see description in this document | monthly, price per Customer cluster | |
Distributed Firewall | NSX licence, see description in this document | monthly, price per core (service engine) | all physical cores within the cluster | integrated within vCD option
VCDA | simplified migration and disaster recovery services | free of charge in the context of a migration | |
WIN | Windows Datacenter Edition licenses | monthly, price per physical core | all physical cores within the cluster | mandatory as soon as a Windows VM is hosted on the cluster
RED | Redhat licences | monthly, price per VM | all VMs with RHEL OS | unit price varies according to the size of the VM

Billing for other services:

  • change requests
  • governance services
  • professional services

Commitment and Termination

There is no duration commitment for the Customer, except for specific cases with optional tailor-made features.

The Customer may terminate the Cloud Avenue [Private] / vCenter On Demand service (i.e. the entire cluster and its options) at any time, via the Cloud Customer Area. The request is processed at the beginning of the month following the request.

Support

Support model

The Cloud Avenue [Private] / vCoD relies on a European support and operating model, i.e. provided by teams located in France or in the European Union.

Support levels

The following table lists the support offer attached to the Cloud Avenue Service and which applies to Cloud Avenue [Private] / vCoD.