VFrame Data Center - Cisco
Transcript of VFrame Data Center - Cisco
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
VFrame Data Center
Cheng Jang Thye, Business Development Manager
Data Center Solutions
Infrastructure Challenges Facing Data Center Professionals Today
• Islands (silos) of applications and infrastructure (OS/architecture-dependent)
• Dedicated server and/or application stacks
• Multi-OS, multi-architecture heterogeneous data center environments
[Figure: Traditional Data Center, siloed infrastructure: App1, App2 and App3 each on a dedicated server with its own SAN island. Pain points called out: power/cooling inefficiency, overwhelming security requirements, costly high-performance computing, rigid stove-piped infrastructures, proliferation of disparate platforms, low server and storage utilization]
How would you define a next-gen Data Center?
• Simple to manage: centralized management, resource auto-discovery
• Green: consolidated, energy efficient
• Resource control: coarse-grain control over virtualized resources
• Security in depth: embedded and transparent
• Application performance/capacity management: on-demand resource provisioning
Solution?
• Mainframe
• Virtual Machine
Mainframe
• Simple to manage
• Green
• Resource control
• Security in depth
• Application performance/capacity management
Virtual Machines
• Simple to manage
• Green
• Resource control
• Security in depth
• Application performance/capacity management
Requirements for Next Gen DC
• Centralized provisioning of CPU, I/O, security and storage resources
– Standardized CPU, I/O, security, storage
• Models to support logical-to-physical mapping (virtualization or 1-to-1)
• Templates to support reuse and customization
• Integration with other management tools
• Integration with a wide range of vendors' offerings in CPU, I/O and storage
Potential Challenges
• Server
– Which OS, version control, application deployment, boot device, swap device
• Network addresses
– Branch-to-DC network addressing needs to be decoupled
• Security management
– Centralized security policy administration for all firewalls and hosts, including VMs
– Centralized event correlation and monitoring
• Path isolation
– Security isolation for multiple payloads on shared connectivity (WAN, LAN, SAN)
Introducing Cisco VFrame DC
Cisco VFrame Data Center: Network-Driven Service Orchestration
[Figure: SOI Control Layer sitting over the Data Center Networked Infrastructure, presented as a Storage Pool (SAN, NAS), a Server Pool and a Network Pool. Management and Monitoring integrations shown alongside: Monitoring (IBM Tivoli, HP OpenView, BMC Patrol, CA Unicenter); Business Service Management (Mercury, Tideway, BMC); Element Managers (Cisco Fabric Manager, VMS, CiscoWorks, ANM); Virtualization Managers (VMware VirtualCenter)]
• Orchestrate across infrastructure resources
• Platform for service abstraction
• Integrate with other management systems
Components of VFrame Data Center
[Figure: (1) VFrame appliances, a primary and a secondary VFrame Data Center with active synchronization and automated failover; (2) graphical user interface; (3) SOAP/XML API; (4) Server Agent; (5) Macros]
Design to Operate Workflow for SOI
Design: service template, resources, service networks, policies
Deploy: switch port config (VLANs, DHCP, trunks, SVIs); zones, VSANs, LUNs, NFS volumes; image management, remote boot, VM mappings; VIPs, LB policies; firewall selection, firewall chaining, firewall rules
Operate: automated failover, policy-based resource optimization, service maintenance, management integration through API
Discover: boot OS/application, server I/O, SAN infrastructure, firewall, L4-L7, LANs
Evolving to a Service-Oriented Infrastructure
[Figure: three stages]
Consolidation: improved utilization, power efficiencies, lower costs. App1, App2 and App3 on standardized servers with shared storage over a scalable data center network (LAN+SAN).
• Regain IT asset control
• Lower operational expenses
Virtualization: better utilization, flexibility, mobility of applications/data. App1, App2 and App3 on a virtualized server pool, a virtualized storage pool, and virtualized network and network services.
• Increase agility
• Catch up to pace of business
Automation: policy-based adaptive service-oriented infrastructure. App Svc. 1, 2 and 3 each on its own service network (Service Network 1, 2, 3).
• Reproducible processes
• IT resources closely aligned with application and business needs
VFrame DC: Interfaces
• Java Web Start GUI
– Downloaded through web browser
– Client is based on Java and runs locally on desktop/laptop
– Rich functionality including topology view and drag-and-drop design
• Web Service interface
– Primary interface for 3rd-party applications
– Ability to integrate with custom management tools
– Offers bi-directional support for policies, monitoring, discovery and
• Setup CLI
– Out-of-box installation and initial setup
VFrame DC: Service Templates
• Logical infrastructure
– Application infrastructure represented as a logical design
– No binding to physical devices
– Captures the ordered list of events and associated actions and macros needed to start/stop/verify a network
• Rule-based design
– Logical links carry network definitions
– Parameters such as VLANs and IP addresses can be abstracted into variables and need to be entered only once
• Export and import
– XML representation is exportable
– An exported template can be imported into another VFrame appliance
[Figure: example templates: Single Tier Web Service; Multi Tier App Service with Linux/Web, Windows/App1 and Linux/App2 tiers on SAN storage and NAS storage]
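The template mechanics above (parameters abstracted into variables entered once per instance, an XML representation that can be exported and re-imported), as an added Python example that is not VFrame code and does not use VFrame's export schema: the serviceTemplate/logicalLink/event tag names, the ${name} placeholder syntax and the two sample networks are constructed for the example. It instantiates one template twice and then checks the instances for a VLAN overlap, which is the check a practitioner wants before two "isolated" service networks land on the same switches.

```python
# Added example (not VFrame code): an XML service template whose VLAN and
# subnet parameters are abstracted into variables that are entered once per
# instance, instantiated into two service networks and checked for VLAN
# overlap. The tag names and attributes are constructed for the example.
import re
import xml.etree.ElementTree as ET

# Constructed template: a two-tier design. ${name} marks a variable.
TEMPLATE_XML = """\
<serviceTemplate name="two-tier-app">
  <variables>
    <var name="web_vlan"/>
    <var name="app_vlan"/>
    <var name="web_subnet"/>
  </variables>
  <logicalLink name="web" vlan="${web_vlan}" subnet="${web_subnet}">
    <server role="web" os="Linux"/>
  </logicalLink>
  <logicalLink name="app" vlan="${app_vlan}">
    <server role="app" os="Windows"/>
  </logicalLink>
  <event name="start">
    <action macro="catalyst_set_access_vlan" vlan="${web_vlan}"/>
  </event>
</serviceTemplate>
"""

VAR = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


def declared_variables(root):
    """Names listed under <variables>."""
    return {v.get("name") for v in root.find("variables")}


def instantiate(template_xml, network_name, values):
    """Bind every declared variable once; return a concrete serviceNetwork tree."""
    root = ET.fromstring(template_xml)
    declared = declared_variables(root)
    used = set(VAR.findall(template_xml))
    if used - declared:
        raise ValueError(f"undeclared variables used: {sorted(used - declared)}")
    if declared - set(values):
        raise ValueError(f"values missing for: {sorted(declared - set(values))}")
    for el in root.iter():
        for attr, val in list(el.attrib.items()):
            el.set(attr, VAR.sub(lambda m: str(values[m.group(1)]), val))
    root.remove(root.find("variables"))
    root.tag = "serviceNetwork"
    root.set("template", root.get("name"))
    root.set("name", network_name)
    return root


def vlans_of(network):
    """VLAN ids carried by the network's logical links."""
    return {int(link.get("vlan")) for link in network.iter("logicalLink")}


def check_isolation(networks):
    """Service networks deployed on shared switches must not share a VLAN."""
    clashes = []
    for i, a in enumerate(networks):
        for b in networks[i + 1:]:
            shared = vlans_of(a) & vlans_of(b)
            if shared:
                clashes.append((a.get("name"), b.get("name"), sorted(shared)))
    return clashes


def export_xml(network):
    """XML export of an instance, as a string, for import elsewhere."""
    return ET.tostring(network, encoding="unicode")
```

The instance keeps a `template` attribute pointing back at the design it came from, so an exported instance can be traced to the template that produced it; the isolation check is deliberately run on instances, not on the template, because the template itself carries no VLAN numbers.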
VFrame DC: Service Template Design GUI
[Figure: GUI screenshot: drag-and-drop canvas, event map, logical resource palette]
VFrame DC: Service Template: Events & Actions
[Figure: event map legend: pre-defined and user-defined events (green), system-defined actions (blue), user-defined actions using macros (yellow)]
VFrame DC: Macro Framework
[Figure: XML/Perl macro scripts in the VFrame Macro Library, each targeting a device class: Storage Array Manager, Catalyst Switch, MDS Switch, Server Lights Out Management]
• Macros are written externally and imported into the VFrame Macro Library
• The architect designs service templates and creates macro associations
• The operator provides variable values while designing an application network based on the template
• VFrame executes macros on the appropriate devices, with variable substitution, when policy-based events fire
• VFrame macros cannot affect the operation of any network other than the one they are intended for
• Communication between VFrame and the end device is always secure during macro execution
• Macros can return status and error status when the device provides them
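The sequence above (architect binds macros, operator supplies variable values, VFrame substitutes them and runs the macro against a device in the target network), as an added Python example. This is not VFrame code: the real macros are XML/Perl scripts, and the macro library, device inventory, ${var} placeholder syntax and MacroError are assumptions made for this example. It shows the two checks a practitioner would expect before any command reaches a device: every placeholder is bound, and the device actually belongs to the service network the macro was associated with, which is what the statement that macros cannot affect another network amounts to in practice.

```python
# Added example (not VFrame code): macro association, variable substitution
# and the network-scope check, in Python. The real macros are XML/Perl
# scripts; the macro library, device inventory, ${var} syntax and MacroError
# are assumptions made for this example.
import re

# Constructed macro library: command templates with ${var} placeholders.
MACROS = {
    "catalyst_set_access_vlan": {
        "target_type": "catalyst",
        "body": "interface ${port}\n switchport access vlan ${vlan}\n no shutdown",
    },
    "mds_add_zone_member": {
        "target_type": "mds",
        "body": "zone name ${zone} vsan ${vsan}\n member pwwn ${pwwn}",
    },
}

# Constructed inventory: each managed device is bound to one service network.
DEVICES = {
    "cat6k-1": {"type": "catalyst", "network": "hr-web"},
    "cat6k-2": {"type": "catalyst", "network": "finance-app"},
    "mds-1": {"type": "mds", "network": "hr-web"},
}

VAR = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


class MacroError(ValueError):
    """Raised for anything that must stop a macro before it reaches a device."""


def render(body, variables):
    """Substitute ${var}; an unbound placeholder is an error, never passed through."""
    missing = sorted(set(VAR.findall(body)) - set(variables))
    if missing:
        raise MacroError(f"unbound variables: {missing}")
    return VAR.sub(lambda m: str(variables[m.group(1)]), body)


def validate(variables):
    """Sanity checks on operator-supplied values before substitution."""
    if "vlan" in variables and not 1 <= int(variables["vlan"]) <= 4094:
        raise MacroError(f"vlan out of range: {variables['vlan']}")
    for name, value in variables.items():
        # Values are spliced into a CLI session; a line break would become
        # an extra command on the device.
        if "\n" in str(value) or "\r" in str(value):
            raise MacroError(f"line break in variable {name!r}")


def execute(macro_name, device, network, variables):
    """Return the rendered command set for 'device', or raise MacroError.

    'network' is the service network being deployed; the macro may only run
    against devices bound to that same network.
    """
    macro = MACROS[macro_name]
    dev = DEVICES[device]
    if dev["type"] != macro["target_type"]:
        raise MacroError(f"{macro_name} targets {macro['target_type']}, not {dev['type']}")
    if dev["network"] != network:
        raise MacroError(f"{device} is bound to {dev['network']}, not {network}")
    validate(variables)
    return render(macro["body"], variables)


def run_macro(macro_name, device, network, variables):
    """Status/error reporting in the form the orchestrator would record."""
    try:
        commands = execute(macro_name, device, network, variables)
    except MacroError as exc:
        return {"device": device, "status": "error", "error": str(exc)}
    return {"device": device, "status": "ok", "commands": commands}
```

The line-break check in `validate` matters because operator-entered variable values end up inside a CLI session on the switch: a value such as `Gi1/1` followed by a newline and `shutdown` would otherwise be executed as two commands. The example refuses such values outright rather than trying to escape them.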
VFrame DC: Discovered Resources
• Server
– Server discovery and inventory of CPU, memory, local hard disk
– Server-to-switch-port binding for Ethernet and Fibre Channel
– LOM and server/LOM binding
• Storage
– Storage LUN discovery
– NAS volume discovery
• SAN
– MDS switches, VSANs, zones and IVR
• Network
– Cat6k chassis, L2/L3 connectivity and L2 topology
– VLANs, SVIs
• Network services
– Service modules (FWSM, CSM), pre-created contexts and HA pairs
VFrame DC: Network Discovery
• Credentials
– User and enable passwords for switches provided by the user
– Secure, encrypted store for credentials
• CDP-based initial discovery
– Seed device and discovery radius provided by the user
– Rediscovery happens automatically on a user-provided schedule
• Two-part inventory
– SNMP query of CDP-discovered devices
– CLI login and configuration read of devices through SSH
• API-based import of managed devices
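How a seed-plus-radius CDP walk and the two-part inventory fit together, as an added Python example that is not VFrame code. The neighbour table, the credential dictionary and the snmp_inventory/ssh_config_read functions are constructed stand-ins for the real CDP, SNMP and SSH steps. The two points it shows are that the radius bounds how far discovery reaches from the seed, and that the CLI read is attempted only where stored credentials exist, with the gap recorded rather than silently skipped.

```python
# Added example (not VFrame code): CDP-style neighbour walk from a seed
# device bounded by a discovery radius, followed by a two-part inventory
# (SNMP for every discovered device, SSH config read only where credentials
# are stored). Topology, credentials and the inventory functions are
# constructed stand-ins.
from collections import deque

# Constructed CDP neighbour table: device -> neighbours it advertises.
CDP = {
    "core-1": ["dist-1", "dist-2"],
    "dist-1": ["core-1", "acc-1", "acc-2"],
    "dist-2": ["core-1", "acc-3"],
    "acc-1": ["dist-1", "srv-lom-1"],
    "acc-2": ["dist-1"],
    "acc-3": ["dist-2", "far-1"],
    "far-1": ["acc-3"],
    "srv-lom-1": [],
}

# Constructed credential store keyed by device. VFrame keeps these in an
# encrypted store; a plain dict stands in for it here.
CREDS = {
    "core-1": {"user": "vframe", "password": "x", "enable": "y"},
    "dist-1": {"user": "vframe", "password": "x", "enable": "y"},
    "acc-1": {"user": "vframe", "password": "x", "enable": "y"},
}


def discover(seed, radius, neighbours=CDP):
    """Breadth-first walk; returns {device: hop_count} for hops <= radius."""
    seen = {seed: 0}
    queue = deque([seed])
    while queue:
        dev = queue.popleft()
        if seen[dev] >= radius:
            continue  # at the edge of the radius: record it, don't expand it
        for n in neighbours.get(dev, []):
            if n not in seen:
                seen[n] = seen[dev] + 1
                queue.append(n)
    return seen


def snmp_inventory(dev):
    """Stand-in for the SNMP query of a CDP-discovered device."""
    return {"sysName": dev, "model": "stand-in"}


def ssh_config_read(dev, cred):
    """Stand-in for the SSH login and configuration read."""
    return f"hostname {dev}\n! configuration read as {cred['user']}"


def inventory(devices, creds=CREDS):
    """Two-part inventory over the discovered set.

    SNMP runs for every device; the SSH configuration read only where the
    store holds credentials, and the omission is recorded in the result.
    """
    result = {}
    for dev in devices:
        entry = {"snmp": snmp_inventory(dev), "config": None, "note": None}
        cred = creds.get(dev)
        if cred:
            entry["config"] = ssh_config_read(dev, cred)
        else:
            entry["note"] = "no credentials: CLI inventory skipped"
        result[dev] = entry
    return result
```

The discovery account holds the enable password for every switch inside the radius, so the radius is a security boundary as much as a scoping knob: keep it as small as the deployment needs, and remember that a stored enable password is write access to the device even though discovery itself only reads configuration.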
VFrame DC: Storage Discovery
• SAN
– SAN fabric discovery through Cisco MDS switches
– Zones, VSANs, IVRs
– Support for dual fabrics
• Storage array (FC)
– Discovered through storage macros
– Storage macros are scripts that interface with storage management tools such as EMC symcli
– LUNs, masking and mapping information
• Storage array (NAS)
– NetApp discovery done through the ONTAPI API
– Filer volume information and quota tree
VFrame DC: Server Discovery
• LOM macros
– Macro scripts that control the power status (on/off/reset) of a server
– Used to trigger network boot
– First-time discovery is server-initiated
• Inventory OS
– PXE-based mini boot image sent to the server at first network boot
– Gathers server attributes by running locally on the server and reporting back to VFrame
• Comprehensive discovery
– Classic server discovery with CPU, memory, make and model information
– Unique correlation of Ethernet and Fibre Channel switch port connectivity to server NICs and HBAs
VFrame DC: Resource Pooling
• Pool types
– Static and dynamic resource pools
– Grouping based on resource attributes
– Attributes can be combined with Boolean logic, e.g. servers with 2 CPUs AND 4GB memory; e.g. switch ports with IOS version xx
• Resource types
– Resources can be physical or logical, e.g. physical server, storage, IP addresses, VLANs
• Pool association
– Service levels of the service networks can be controlled through the assignment of appropriate resources
– Example: high-powered servers for a high-priority application
[Figure: Server Group, LUN Group and FW Context Group, each defined by an attribute filter]
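Static and dynamic pools with Boolean attribute filters, and allocation from a pool, as an added Python example that is not VFrame code. The inventory, the filter-expression shape (nested tuples of "and"/"or"/"not" and attribute/operator/value leaves) and the Pool class are constructed for the example; the two sample filters are the ones the slide names (servers with 2 CPUs AND 4GB memory, switch ports with a given IOS version).

```python
# Added example (not VFrame code): static and dynamic resource pools with
# Boolean attribute filters, and service-level assignment from a pool.
# The inventory, filter syntax and Pool class are constructed.
import operator

# Constructed inventory of discovered resources, physical and logical.
INVENTORY = [
    {"id": "srv-01", "kind": "server", "cpus": 2, "mem_gb": 4, "state": "free"},
    {"id": "srv-02", "kind": "server", "cpus": 2, "mem_gb": 8, "state": "free"},
    {"id": "srv-03", "kind": "server", "cpus": 4, "mem_gb": 16, "state": "free"},
    {"id": "srv-04", "kind": "server", "cpus": 4, "mem_gb": 16, "state": "in-use"},
    {"id": "Gi1/1", "kind": "switch-port", "ios": "12.2(18)SXF", "state": "free"},
    {"id": "Gi1/2", "kind": "switch-port", "ios": "12.2(33)SXH", "state": "free"},
    {"id": "vlan-249", "kind": "vlan", "state": "free"},
]

OPS = {
    "==": operator.eq, "!=": operator.ne,
    ">=": operator.ge, "<=": operator.le,
    ">": operator.gt, "<": operator.lt,
}


def matches(resource, expr):
    """Evaluate a filter expression against one resource.

    expr is ("and", e1, e2, ...), ("or", ...), ("not", e) or a leaf
    (attribute, op, value). A resource lacking the attribute never matches.
    """
    head = expr[0]
    if head == "and":
        return all(matches(resource, e) for e in expr[1:])
    if head == "or":
        return any(matches(resource, e) for e in expr[1:])
    if head == "not":
        return not matches(resource, expr[1])
    attr, op, value = expr
    return attr in resource and OPS[op](resource[attr], value)


class Pool:
    """A static pool lists member ids; a dynamic pool is recomputed from a filter."""

    def __init__(self, name, filter_expr=None, members=None):
        self.name = name
        self.filter = filter_expr
        self.static = list(members or [])

    def members(self, inventory):
        if self.filter is None:
            return [r for r in inventory if r["id"] in self.static]
        return [r for r in inventory if matches(r, self.filter)]

    def allocate(self, inventory):
        """Hand out one free member and mark it in-use; None if the pool is exhausted."""
        for r in self.members(inventory):
            if r["state"] == "free":
                r["state"] = "in-use"
                return r["id"]
        return None


# "Servers with 2 CPUs AND 4GB memory"
SMALL = Pool("small-servers", ("and", ("kind", "==", "server"),
                               ("cpus", "==", 2), ("mem_gb", ">=", 4)))
# "Switch port with IOS version xx"
PORTS_SXH = Pool("ports-sxh", ("and", ("kind", "==", "switch-port"),
                               ("ios", "==", "12.2(33)SXH")))
# High-powered servers for a high-priority application
BIG = Pool("big-servers", ("and", ("kind", "==", "server"),
                           ("cpus", ">=", 4), ("mem_gb", ">=", 16)))
# A static pool: fixed membership regardless of attributes
RESERVED = Pool("reserved", members=["srv-03"])


def pool_ids(pool, inventory=INVENTORY):
    """Member ids of a pool, in inventory order."""
    return [r["id"] for r in pool.members(inventory)]
```

Marking a resource in-use at allocation time is the part worth keeping: a server or VLAN handed to two service networks at once defeats the path isolation the earlier slides list as a requirement, so the pool, not the operator, should refuse the second allocation.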
VFrame DC: Service Templates and Networks
[Figure: one Business Application Template instantiated as Business Application Network 1, Network 2 ... Network n, each drawing on the Server Pool (physical and virtual servers), the Storage Pool (VSANs, LUNs) and the Network Pool (IP, VLAN, firewall and load balancer contexts). Lifecycle operations on a network: Validate, Deploy, Start, Stop, Suspend, Maintenance Mode]
VFrame DC: Policy Framework
• Policies are trigger-action pairs
– Use monitored variables
– Thresholds defined according to business rules
– When thresholds are met or exceeded for a pre-defined time interval, an alert is generated
– Built-in policies for time-based start/stop of networks and servers
– Load-based policies for server addition and deletion
– The Server Host Agent monitors CPU and memory utilization
– These can be used as triggers for server add/delete
• Service networks can be associated with one or more policies depending on business requirements
• Policy triggers can be external through the API
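A trigger-action policy evaluated over host-agent samples, as an added Python example that is not VFrame code: the Sample and LoadPolicy types, the sample feed and the hold/cooldown values are constructed for the example. It shows the behaviour the bullet list describes (an action only when the threshold is met or exceeded for the whole interval, so a short spike does nothing) plus a time-based start/stop policy; the cooldown after an action and the reset when load dips are design choices of this example, not documented VFrame behaviour.

```python
# Added example (not VFrame code): a load policy that fires only when the
# monitored variable stays at or above threshold for a sustained interval,
# and a simple time-based start/stop policy. Types, values and the sample
# feed are constructed for the example.
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Sample:
    ts: datetime
    host: str
    cpu: float  # percent, as the server host agent would report it


@dataclass
class LoadPolicy:
    network: str
    variable: str = "cpu"
    threshold: float = 80.0
    hold: timedelta = timedelta(minutes=5)      # breach must last this long
    cooldown: timedelta = timedelta(minutes=15)  # one action per cooldown
    action: str = "add-server"


class PolicyEngine:
    """Feeds samples to one policy and records the actions it fires."""

    def __init__(self, policy):
        self.policy = policy
        self._over_since = None
        self._last_fired = None
        self.actions = []  # (timestamp, action) handed to the orchestrator

    def observe(self, s):
        """Consume one sample; return the action fired, or None."""
        p = self.policy
        value = getattr(s, p.variable)
        if value < p.threshold:
            self._over_since = None  # the breach must be continuous
            return None
        if self._over_since is None:
            self._over_since = s.ts
        if s.ts - self._over_since < p.hold:
            return None
        if self._last_fired and s.ts - self._last_fired < p.cooldown:
            return None  # don't add a server on every sample of a long breach
        self._last_fired = s.ts
        self._over_since = None
        self.actions.append((s.ts, p.action))
        return p.action


def time_policy(now, start_hour=7, stop_hour=19):
    """Time-based policy: start during business hours, stop outside them."""
    return "start" if start_hour <= now.hour < stop_hour else "stop"


def run_cpu_scenario():
    """Constructed feed: a brief spike (no action), then sustained load (one action).

    Returns [(minute, action)] for the samples that fired.
    """
    t0 = datetime(2007, 6, 1, 9, 0)
    readings = [(0, 85), (1, 90), (2, 40),  # spike, then the dip resets it
                (3, 85), (4, 88), (5, 91), (6, 95), (7, 97), (8, 99),
                (9, 96), (10, 97)]          # still high, inside the cooldown
    feed = [Sample(t0 + timedelta(minutes=m), "srv-01", cpu) for m, cpu in readings]
    engine = PolicyEngine(LoadPolicy(network="hr-web"))
    fired = [engine.observe(s) for s in feed]
    return [(s.ts.minute, a) for s, a in zip(feed, fired) if a]


def business_hours_scenario():
    """Time policy evaluated at 06:00, 09:00, 18:00 and 19:00."""
    return [time_policy(datetime(2007, 6, 1, h)) for h in (6, 9, 18, 19)]
```

Because the policy's action is "add-server" and the pool it draws from is shared with other applications, the cooldown is what stops a noisy host agent from draining the spare pool; the external API trigger the slide mentions should go through the same engine so it gets the same rate limit.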
VFrame Data Center Benefits: Templates for Repeatable, Consistent Provisioning
• Service infrastructure design aligned with business objectives
• Simplicity of provisioning: design once, deploy many
• Each instance customizable with application/customer parameters
• Template portability across VFrame appliances
[Figure: one 3-tier service template deployed as HR Apps, Finance Apps and Sales Apps]
VFrame Data Center Benefits: Rapid Infrastructure Deployment and Failure Recovery
• End-to-end service visibility with rapid failure detection
• Maintenance mode for temporary service suspension
• Remapping of a failed device from the resource pool
• Configuration of the new resource with properties identical to the failed resource
[Figure: load balancer pool; failure detection through health monitoring (failed member marked X), resource reallocation from the pool, maintenance mode for temporary suspension of service]
VFrame Data Center Benefits: App-to-App Infrastructure Repurposing
• Server counts for each application based on business needs
• Time-based policies or triggers through the API to add or delete servers for applications
• Dynamically move low-utilization physical servers to high-utilization applications to preserve service quality
[Figure: shared data center infrastructure under Cisco VFrame, Application A and Application B; servers are added to an application under high demand and returned when its demand is low]
VFrame Data Center Benefits: Touchless Server Failover with N+1 Sparing
• Automatic replacement of failed servers from spare pools
• No administrator involvement needed
• Remote boot, IP network and SAN configurations for the new server are done automatically and are identical
• New server runs the same networked OS image as the failed server
[Figure: Server A fails (X); Server A Spare is attached to the same IP network and SAN fabric and boots the same boot image; Server B is unaffected]
vFrame + VMware
The Impact of Virtual Machines on Networking
BEFORE
• Physically separate infrastructure
• Network services and policies are fully contained within the network (single management domain)
• Fewer apps = lower I/O requirements
• Traditional networking architecture: port-based mapping and access control
• Identity of the physical server (network address) used to provide differentiated application services within the network
AFTER
• Logical and virtualized infrastructure
• App/server consolidation = high I/O requirements per port, yet fewer ports
• Multiple VMs identified by multiple network addresses per physical server; a software virtual switch enables communication between VMs and the network
• Increased architectural complexity: a new security model with per-virtual-machine control is needed
• The ESX Server virtual switch creates a dual management domain, as network services and policies exist both within the server and the network
The Impact of VM Mobility on Networking
• Flat Layer 2 topology
– It works, but grouping too many physical servers on the same VLAN creates scalability, availability and security issues
– Not a recommended practice, but still very common today
• Segmentation using VLANs
– VLAN tagging implemented by the software virtual switch
– It works better, but VMs need to be migrated within the same VLAN
[Figure: VMotion of VMs between hosts in a flat Layer 2 domain versus between hosts on the same VLAN]
VFrame™ Services with ESX Deployments
[Figure: x86 servers running ESX, each hosting several OS/App virtual machines. Cisco VFrame DC provides ESX boot, L2 network services (802.1Q VLAN membership), L4-L7 services associations, SAN zoning, LUN masking and LUN mapping from the Network Pool and Storage Pool; VMware VirtualCenter handles VM creation, image load, mobility and grid balancing; the two integrate through an API]
Server Virtualization and Network Orchestration: Policy-Based Provisioning Automation
Challenge: achieve bare-metal ESX provisioning within minutes with coordinated storage and network access configurations
Network requirements
1. Dynamically connect a bare-metal server to the required VLAN / VSAN
2. Enable loading of the ESX hypervisor layer from remote storage
3. Associate the required network properties with the newly loaded server or VM (IP addresses, security, network services etc.)
Benefits
• ESX server capacity can be dynamically provisioned from a generic pool
• Doesn't require pre-positioning of servers on the same network segment
Server Virtualization and Network Orchestration: Server Consolidation without Compromise
Challenge: achieving server consolidation with security, availability and performance
Network requirements
1. Provide per-VM front-end segmentation (VLANs, ACLs, 802.1Q etc.)
2. Provide per-server back-end segmentation (VSANs)
3. Optimize server performance (I/O trunking and consolidation, SSL/TCP offload, multicast etc.)
4. Apply services according to per-VM policies (firewall, SLB, app optimization etc.)
Benefits: meet application performance and availability service levels and compliance requirements
VFrame DC: Sample Deployment
[Figure: Catalyst 6500 with FWSM and CSM service modules facing the campus LAN/WAN/VPN; MDS 9216 SAN switch with FC links to an EMC CX-500 array; NetApp FAS 200 NAS; VFrame DC appliance; diskless servers. Ethernet segments: VLAN 249, VLAN 500, and LOM on VLAN 501]