VMware vApp Best Practices

Save to My DOJO

VMware vApp Best Practices

VMware vSphere provides a powerful platform on which to run powerful multi-tier applications. By architecting applications using a tiered approach, it allows for much more efficient and secure design. Multi-tier applications allow implementing effective security architecture using micro-segmentation. Today’s complex multi-tier applications can spread across many different virtual machines running on different hosts. As the number of virtual machines contributing to an application begins to grow, managing the underlying VM infrastructure for a particular application becomes more complicated when managed on a VM by VM basis.

VMware vSphere provides a powerful construct known as the VMware vApp. The VMware vApp helps solve many of the management challenges associated with multi-tier applications spread across many different virtual machines running in the vSphere Datacenter. This post will examine all things vApp related and cover VMware vApp best practices for consideration when implementing vApps in your environment.

Application Tiering

To help understand the benefit of the VMware vApp, let’s examine how applications have changed, including the infrastructure architecture. Early application architecture decades ago would house all the requirements for an application on a single server host. In many legacy datacenters from years gone by, you would have a single server that provided the resources for a specific business-critical application. Businesses traditionally named servers based on the application they housed.

As organizations have deployed modern applications in the datacenter, the services and resources required for these applications have grown and expanded. For many applications, it is no longer feasible to house all components on a single server.

In addition to resource requirements, there are other essential reasons to split up applications. One of which is security. Applications that need to be accessible from the Internet will face more significant security risks to the underlying infrastructure. Placing only the infrastructure required to be accessible to the Internet in the DMZ and housing other application components in the internal LAN helps reduce the attack surface. Splitting up application requirements into a multi-tiered approach allows organizations to implement additional security architecture solutions, such as micro-segmentation.

Applications can be split up into many different components and architectures depending on the application and security requirements. However, a classic example of a multi-tier application is a three-tier application that includes:

  • Web
  • Application
  • Database

Below is a simple overview diagram of what a classic three-tier application might look like when designing connectivity.

Classic three-tier application

Classic three-tier application

As the simplistic overview above helps visualize, there are no less than five virtual machines that comprise the infrastructure backing the application in this simple configuration for a three-tier app. Managing these five VMs as separate entities, while doable, may likely be problematic for the application.

Applications generally require various components to be made available for other elements that comprise the application. As an example, the virtual machines that house the database may need to be available before the application housed on the virtual machine can successfully start. VMware vApps allow effectively sequencing the power-on management of all virtual machines in the vApp. In this way, virtual machines start in the correct sequence for the application, and application dependencies are satisfied.

What is a VMware vApp?

A VMware vApp is a construct found in a vSphere Datacenter that allows much more efficient management of virtual machines that back a specific application. With a VMware vApp, you can manage multiple virtual machines as a single entity. It includes resource management and other management activities such as power operations, snapshots, and others. You can think of a VMware vApp as a container that houses your VMs backing business-critical applications. In essence, you perform operations on the container that houses the VMs, allowing performing the functions in mass for the member VMs.

In addition to managing multiple virtual machines for a multi-tier application, the VMware vApp allows packaging the virtual machines that comprise a multi-tier application into a single distribution in the form of an OVF file. It makes deploying all the prerequisites and application dependencies much more effortless. Once the OVF file is deployed, all required virtual machines are deployed as part of the multi-tier application.

Requirements for VMware vApps

The VMware vApp can reside on either a standalone host (joined to vCenter) or a vSphere cluster. The requirements to configure a VMware vApp are minimal. However, these are worth noting. What are the requirements?

VMware vCenter Server Dependencies

It is important to note and understand the reliance on the vCenter Server for VMware vApps. VMware vApps metadata is contained in the vCenter Server database. This vApp metadata includes the vApp properties that are deleted, modified, or defined on the vApp. The vApp metadata is lost if the vCenter Server is lost or a standalone host is removed from the vCenter Server.

It helps to underscore the importance of protecting your vCenter Server as part of your disaster recovery plan and ensuring vApps are backed up to OVF format. The vCenter Server is a critical and integral part of your overall vSphere infrastructure. Many of the underlying capabilities and components of your vSphere landscape, including vApp metadata, rely on the availability of your vCenter Server.

VMware vAPP Use Cases

VMware vApps are especially powerful for environments in managing application virtual machine dependencies. The vApp provides a logical construct that allows vSphere administrators to manage, configure, and provide resources to the underlying virtual machines as a single entity. It offers many management and configuration advantages. What are those?

There are many things the VMware vApp can do for vSphere administrators to make much more efficient and powerful management of VMware virtual machines. These include:

  • Logical grouping of virtual machines for management – Instead of searching for and managing each VMware virtual machine individually, the vApp provides a logical container for grouping virtual machines and managing resource pools, power, snapshots, and other features.
  • VMware vApps allow resource pool management at the vApp level – VMware vSphere Resource pools can be configured at the vApp level. Resource pools allow vSphere administrators to think about the aggregate computing capacity of a vSphere cluster and not think about the individual hosts that make up the cluster resources. It is especially beneficial for use with multi-tier applications. It allows managing the resources allocated for VMs backing an application as a single entity to ensure that all VMs that run the business-critical application have the resource allocations they need.
    • Scalable Shares – New with vSphere 7, VMware has introduced the scalable share as a powerful new feature with resource pools. With scalable shares, resource pools are auto-scaled to reflect the actual workloads contained in the resource pool. Let’s consider an example of comparing a normal priority resource pool with a high priority resource pool. When you have many virtual machines in a high priority resource pool compared to a normal priority resource pool with few VMs, the normal priority resource pool may deliver higher resources per VM than the high priority resource pool. Scalable shares help solve this longstanding issue with traditional resource pooling by scaling the resources automatically to ensure the CPU shares are allocated to reflect the resource pool priority’s true intention.
  • Power management for vApp virtual machines – All virtual machines in a VMware vApp can be powered on and powered off in a single operation without manually performing these operations on each virtual machine that backs the application. If multiple virtual machines support a business-critical application, you do not want a critical VM missed during power-on after a maintenance period.
  • Startup and shutdown sequencing – Multi-tier applications may have individual requirements for specific virtual machines to be running before other application components come online. Without starting up the VMs in the correct order, the application may fail to start.
    • In the classic three-tier application scenario, the database server needs to come online first, then the webserver, and finally, the application server. If Active Directory servers are involved for authentication, the start order may be the following:
  1. Active Directory Domain Controllers
  2. Database Servers
  3. Web Servers
  4. Application Servers
  • Consistent packaging and deployment – Deploy all the underlying virtual machine dependencies for a business-critical application in a uniform and consistent manner. The VMware vApp allows packaging the VMs into a single OVF file that can be deployed seamlessly into a target vSphere environment.

VMware vApp – Operations

Now that we have a good overview of the basic VMware vApp functionality and use cases, let’s dive into VMware vApp operations and see how to work with it in vSphere operations. Let’s take a look at the following:

  1. Creating a vApp
  2. Configuring the properties of a VMware vApp
  3. Performing vApp power operations
  4. Cloning a vApp
  5. Exporting a vApp
  6. Nested Child vApps

1. Creating a vApp

The first and most basic operation related to VMware vApps is creating one. Creating a vApp is easy to accomplish in the vSphere Client UI. In the hosts and clusters view in the vSphere Client, right-click on a DRS-enabled vSphere cluster and select New vApp.

Creating a new vApp using the vSphere Client
Creating a new vApp using the vSphere Client

In the Select creation type, the Create a new vApp is selected.

Beginning the new vApp creation wizard
Beginning the new vApp creation wizard

Name the vApp and select the destination folder in the vSphere inventory.

Select the vApp name and location
Select the vApp name and location

On the next screen, select the resource allocation for the VMware vApp. Note the resource allocation options. Here is where you create a resource pool during the creation of the new vApp. Note the new Scale Descendant’s Shares option now available with vSphere 7.0 and higher for more effective resource management.

Configuring the resource properties of the VMware vApp
Configuring the resource properties of the VMware vApp

Finally, on the Review and finish step, review the configuration and click Finish to finalize.

Review and finish the creation of the vApp
Review and finish the creation of the vApp

Configuring the properties of a VMware vApp

Configuring the properties of a VMware vApp includes many configurable settings. These include the following:

Resources – As shown in the creation of the VMware vApp showing resource configuration, including scalable shares, you can also revisit this after the vApp has been created. The resource settings include CPU shares, reservation, reservation type, CPU limit, and memory shares and reservation.

Viewing the resources configuration for a specific vApp
Viewing the resources configuration for a specific vApp

Start Order – The start order helps to support a business-critical application’s various dependencies by starting virtual machines in the sequence needed for your application. The VMware vApp allows “grouping” VMs and setting the boot order and delay based on these groups. Also, you can configure the shutdown behavior along with the delay.

Start order configured in the vApp
Start order configured in the vApp

IP Allocation – A vApp can obtain its network configuration through the OVF environment or a DHCP server. You can specify the network configuration schemes supported by the vApp.

IP Allocation configured in the vApp
IP Allocation configured in the vApp

Details – Under the details tab, you can configure the name, Product URL, Vendor, and Vendor URL associated with the vApp if it is distributed.

Details tab allows configuring the product details for distributing the vApp
Details tab allows configuring the product details for distributing the vApp

Performing vApp power operations

To complement the Start Order configuration as found in the properties of the VMware vApp, you can perform various power operations on your vApp. It makes powering on multiple virtual machines providing resources for an application straightforward.

Operation

Detail

Power on

You can power on a vApp to power on all its virtual machines and child vApps. The power on operation is completed based on the order in which the startup order is configured.

Startup settings delay of a virtual machine in the vApp waits for the set length of time before powering on that virtual machine.

Power off

The VMware vApp can be powered off which powers off all the virtual machines and child vApps it contains. Power off operations are initiated in the reverse order of the startup configuration.

If a delay is set in the shutdown settings of a virtual machine in the vApp, the vApp waits for the set length of time before powering off that virtual machine.

Suspend

A vApp can be suspended which suspends all the child virtual machines and vApps it contains. Virtual machines are suspended in the reverse order of the specified startup order. Regardless of the suspend options that are configured on the individual virtual machines, the VMs are suspended as part of the suspend operation on a vApp

Resume

Virtual machines are resumed according to their startup order configuration.

 

Power operations available for the VMware vApp
Power operations available for the VMware vApp

Cloning a vApp

VMware vApps are an easy way to clone an entire application environment with all the dependencies for a particular application. Since the vApp is treated as a single entity, when you clone the vApp, it includes all the underlying virtual machines that are included. When you clone a vApp, like cloning individual virtual machines, you can choose the destination environment, including compute, storage, and networking for the resulting vApp and underlying virtual machines.

Beginning the process to clone a VMware vApp
Beginning the process to clone a VMware vApp

When you launch the vApp Clone process, you will notice that the New vApp wizard launches. You essentially interact with the same wizard with the Clone an existing vApp selected by default.

Beginning the process to clone a VMware vApp
Beginning the process to clone a VMware vApp

Select the ESXi host or vSphere cluster you want to house the cloned vApp.

Select the compute resource for the cloned vApp
Select the compute resource for the cloned vApp

Select a name for the cloned vApp as well as a folder location in the vSphere inventory.

Select a name and location for the cloned vApp
Select a name and location for the cloned vApp

Select the storage datastore to store the vApp virtual machines.

Select storage for the cloned vApp
Select storage for the cloned vApp

Map your network connections from the source virtual machines to the target environment networks.

Map the networking for the vApp virtual machines
Map the networking for the vApp virtual machines

Configure resource allocations for the cloned vApp. This includes the ability to configure scalable shares.

 

Configure the resource allocation for the cloned vApp
Configure the resource allocation for the cloned vApp

Review the configuration of the cloned vApp operation. Once you have validated the selections, click Finish to begin the clone process.

Review and finish the vApp clone operation
Review and finish the vApp clone operation

You will see the vApp clone process begin in the vSphere Client.

VMware vApp clone operation task
VMware vApp clone operation task

Exporting a vApp

One of the exciting capabilities of the VMware vApp is the ability to export the vApp as a self-contained OVF file. It makes a vApp extremely portable and easy to move from one environment to another using the normal OVF deployment process. Right-click the vApp and select OVF Template > Export OVF Template on the context menu.

Begin the process to perform an OVF export
Begin the process to perform an OVF export

The Export OVF Template includes a few settings. Name the vApp and choose Enable advanced options to display other settings related to the BIOS, MAC addresses, and extra configuration.

Choosing the VMware vApp OVF export options
Choosing the VMware vApp OVF export options

Nested child vApps

When working with vApps, you can house nested vApps in a parent vApp. If you have subcomponents of a multi-tier application that you want to treat as a single entity, the child vApp provides an easy way to do this. Subsequent virtual machines contained in the child vApp can be controlled by the child vApp management capabilities. The parent operations performed on the objects contained within the vApp, apply to the child vApp.

To create a new child vApp, right-click on the parent vApp and select Create Child vApp. It will launch the identical wizard you see when creating or cloning a new vApp.

Creating a new child vApp
Creating a new child vApp

VMware vApp best practices

VMware vApps provide an often underutilized construct in VMware vSphere environments. The vApp is especially powerful in the context of multi-tiered applications. It allows encapsulating all of the underlying virtual machines that house application dependencies to configure and manage these as a single entity. It provides a seamless and efficient way to ensure business-critical applications can be managed and deployed using a holistic approach. Take note of the following best practices:

  • Use vApps for multi-tier applications. The VMware vApp is a highly underutilized construct found in VMware vSphere. Using the vApp helps to focus on applications instead of the underlying virtual machines that back the application.
  • Take note that VMware vApps are dependent on vCenter Server. VMware vApp Metadata is contained in the vCenter database and needs to be protected accordingly
  • If you plan on using resource reservations with the VMware vApp, use the new scalable shares feature found in vSphere 7.0. It will ensure you are using the latest and greatest technology to deliver resource allocations to business-critical workloads contained in the vApp
  • Configure the startup options for the vApp virtual machines by creating the startup groups and any required startup delays. Doing this allows ensuring dependencies start and are available, so the application comes online correctly
  • Use child vApps to control specific subsets of application dependencies as a single unit. If there are multiple components required for the vApp, breaking these into smaller pieces controlled by child vApps helps manage the underlying subcomponents of an application.
  • The VMware vApp properties are “outside of” snapshots on the vApp that you may take. The snapshots capture state of the underlying virtual machines but not the property states of the vApp itself. Keep this in mind if you plan on rolling back the state of the vApp itself based on a snapshot.
  • Do use the clone or the export features of a vApp if you plan on reproducing the vApp environment elsewhere. It can prove to be a great way to create a dev or test environment using a clone or export of the production vApp environment.

Businesses today are keenly focused on applications and not the underlying infrastructure. Even though many of the workloads running on-premises today reside on virtual machines, providing access to the application is the most critical priority. The VMware vApp helps vSphere administrators manage the multi-tier infrastructure that backs applications seamlessly and effectively. It helps ease the management burden of application dependencies by grouping all of the required virtual machines and configuring the boot order of resources to ensure that dependencies are satisfied, and applications can come online without issue. Administrators can manage the underlying virtual machines as a group with a single operation instead of managing each virtual machine individually. It is a much smarter, effective, and more efficient approach to delivering application-focused infrastructure in the enterprise.

Share this post

Not a DOJO Member yet?

Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!

Leave a comment

Your email address will not be published. Required fields are marked *