Service Oriented Data Center
Mike Younkers
SSEM, National Programs Operation

What is the Data Center?
The Data Center is what happens between mouse click… and screen refresh!

The Data Center is Evolving (again)
(Chart; axes: DC Importance, New DC Infrastructure Requirements. Stages shown: Mainframe, Client Server, Web / n-Tier, Service-Oriented, Automated. Trend: Server-Centric to Service-Centric.)
• Monolithic Infrastructure
• Proprietary Platforms
• Tightly Coupled App’s
• Direct Attached Storage

• Virtualized Infrastructure
• Assembly from ‘Pools’
• Standard Components
• Service-Oriented App’s

• Distributed Infrastructure
• Server Proliferation
• Web Facing Applications
• Storage Aggregation

Evolution of the Data Center Infrastructure: Phased Approach
• CONSOLIDATION: Centralization and Standardization to Lower Costs, Improve Efficiency and Uptime
• VIRTUALIZATION: Management of Resources Independent of Underlying Physical Infrastructure to Increase Utilization, Efficiency and Flexibility
• AUTOMATION: Dynamic Provisioning and Information Lifecycle Management (ILM) to Enable Business Agility
(Diagram labels: Enterprise Applications; Business Policies; On-Demand; Service Oriented; Intelligent Information Network; Server Fabric Network; Data Network; Storage Network; Compute Network; Compute; Network; Storage; LAN; WAN; MAN; HPC Cluster; GRID; SAN.)

Data Center Strategy and Evolution
Consolidation, Virtualization, Automation

Virtualization
• Scale
• Performance
• Density
• Availability
• Operational Manageability
• Investment Protection

• Net-Centric Server Evolution
• Virtual Machine Network Coupling
• Inline Data Protection
• Separation of Policy and Forwarding

• Power Savings
• Service Velocity
• Opex Alignment
• Capital Utilization Improvement

Innovation and Integration
• Unified Network Fabric
• Integrated Provisioning
• Data Center Class Platform
• Integrated Services

What does a SODC Deliver?
• Intelligent Management Fabric
  • Automatic data center infrastructure provisioning based on a set of pre-defined policies/business rules.
• On-Demand Utilities
  • Data center resources are drawn from a shared pool when needed, and returned when not. Business units/application owners are only charged for the resources they consume, eliminating redundant resource expenses.
• Rapid Delivery of Services
  • Cisco’s SODC provisions new processing or storage resources to meet an application's new requirements within minutes, rather than weeks or months.
• Resource Optimization
  • Storage, servers and applications are optimized for maximized reliability, availability and serviceability.
• End-to-End Security
  • Robust, easily managed security solution ensures highly sensitive proprietary data is accessed only by those with appropriate clearance.

How does a SODC Support Mission Objectives:
• High Availability
  • Automatic resource provisioning and reduced client-impacting service outage times.
• Enhanced Continuity
  • Intelligent security applications based on data type and criticality ensure robust transmission and monitoring.
• Improved Agility
  • Capacity aligned to demand easily adapts to changing mission requirements and enables scaling on new resources in minutes instead of days.
• Lower TCO
  • Significantly reduce server and data center operating expenses by lowering system administrative overhead, diminishing the number of dedicated compute hosts and utilizing inexpensive commodity hardware.

What Does A SODC Look Like?
(Diagram labels: Data Center Headquarters and Data Center Branch, each with Compartment A, Compartment B, Compartment C; Server Consolidation; Web Servers; Remote Worker; VPN; DWDM Network; IP WAN.)

Data Center Overview
(Diagram labels: Front End LAN; Back End SAN; HPC Applications; N-Tier Applications; Integrated Application Optimization; Integrated Security; Server Clusters; Web Servers; App Servers; DB Servers; ACNS; WAAS; GSS; SSL; CSS/ACE; Firewall; VPN; IDS; Anomaly Detect/Guard; Resilient IP; GE/10GE; FC/iSCSI SAN; MDS; RAID; Tape; Metro Network DWDM/SONET/Ethernet; Backup Data Center.)

Services Embedded in the Fabric
(Diagram; recoverable labels follow.)
• Service groups: EMBEDDED COMPUTE SERVICES; EMBEDDED APPLICATION NETWORK SERVICES; EMBEDDED SECURITY SERVICES; EMBEDDED STORAGE SERVICES
• Services: Low Latency RDMA; Virtual I/O; Server Load Balancing; Application Message Services; SSL Off-load; DDOS Guard; Firewall Services; Intrusion Prevention; Secure Virtual Fabrics; Storage Virtualization; Data Replication Services; Fabric Hosted Applications; Fabric Assisted Applications
• Networks: SERVER NETWORK; STORAGE AREA NETWORK; DATA CENTER INTERCONNECT NETWORK; EMPLOYEE / PARTNER / CUSTOMER ACCESS NETWORK
• Platforms and transports: Catalyst; Application Control Engine; WAAS; AVS; SFS 7000; SFS 3000; MDS 9500; ONS 15000; Infiniband; Fibre Channel; FICON; FCIP; GE / 10GE; SONET/SDH; xWDM; Metro Ethernet; Internet; MPLS VPN; IPSEC/SSL VPN
• Endpoints: Blade Servers; UNIX/NT Servers; Mainframes; High Performance Compute (HPC) Clusters; Storage & Tape Arrays; Enterprise Applications; Management and Provisioning Framework

The Data Center is a Proof Point for SONA
(Diagram; recoverable labels follow.)
• Layers: COLLABORATION LAYER; APPLICATION LAYER; INTERACTIVE SERVICES LAYER; NETWORKED INFRASTRUCTURE LAYER
• Applications: Instant Messaging; Unified Messaging; Rich Media Conferencing; Contact Center; Video Telephony; Unified Comm. Clients; PLM; CRM; ERP; HCM; Procurement; SCM
• Interactive services layer labels: Middleware and Application Platforms; Services Management; Application Delivery; Application-Oriented Networking; Infrastructure Services; Adaptive Management Services; Network Infrastructure Virtualization; Unified Communication Services; Security Services; Compute Services; Mobility Services; Identity Services; Storage Services
• Embedded service groups: EMBEDDED COMPUTE SERVICES; EMBEDDED SECURITY SERVICES; EMBEDDED APPLICATION NETWORK SERVICES; EMBEDDED STORAGE SERVICES
• Embedded services: DDOS Guard; Intrusion Prevention; Firewall Services; Secure Virtual Fabrics; SSL Off-load; Server Load Balancing; Protocol Optimization; Application Message Services; Low Latency RDMA; Virtual I/O; Storage Virtualization; Data Replication Services; Fabric Hosted Applications; Fabric Assisted Applications
• Product families: SFS Family; Catalyst Family; MDS Family; ONS Family
• Networked infrastructure layer labels: Campus; Branch; Data Center; Enterprise Edge; WAN/MAN; Teleworker; Server; Storage; Clients; Routing; Building Control network & Physical Security

Architecture Framework
Three functional areas map to access control, path isolation, and services edge.
• Access Control (Branch - Campus)
  • Identify and authenticate client
  • Isolate into a segment
  • Grant/prevent access
• Path Isolation (WAN - MAN - Campus)
  • Map client VLAN to transport technology
  • Transport client traffic through isolated path
  • Terminate isolated path at destination edge
  • (Diagram labels: GRE, MPLS, VRFs)
• Services Edge (Data Center - Campus)
  • Map isolated path to destination VLAN
  • Apply policy at VLAN entry point
  • Isolate application environments
  • (Diagram labels: Compartment A, Compartment B, Compartment C)

Access Control
• Objective
  • Authenticate users or devices logging onto the network
• Process
  • Identify endpoints
  • Authorize onto the network through port activation
  • Associate endpoint to specified user group
• Primary authentication scenarios
  • Client-based authentication for endpoints with client software
  • Clientless authentication for endpoints without client software

Path Isolation
• Objective
  • Isolate traffic, so that users only have access to designated data and resources
• Process
  • Using separate Layer 2 domains to logically isolate traffic negates scalability and modularity benefits of hierarchical network design
  • Alternatively, traffic separation can occur in the Layer 3 domain
    • Distributed access control lists (ACLs)
    • Overlay of GRE tunnels interconnecting VRFs
    • VRFs at every hop interconnected with VLAN trunks
    • MPLS/BGP VPNs
(Diagram labels: GRE, MPLS, VRFs)

Services Edge
• Provides mechanisms required for users from different groups to securely access common services
• Provides access to user-group-specific services
• Provides logical connectivity and security mechanisms over shared facilities

Virtualized Data Center Architecture
(Diagram; recoverable labels follow.)
• Shared Data Center Services: Compartment A; Compartment B; Compartment C
• Devices: Layer 3 Switch; Network Management; Intrusion Prevention Detector; PIX Firewall; SSL VPN Concentrator
• Wide Area Network connecting Site A and Site B
• User groups shown: Compartment A (500 employees); Compartment A (100 employees); Compartment B (200 employees); Compartment B (200 employees); Compartment C (30 employees); Compartment C (10 employees)

The Application Control Engine
• Multifunction application solution for the Cat 6500
• Incorporates …
  • Existing Layer 4-7 SLB and application delivery functionality
  • Industry-leading application performance, throughput, and firewalling capabilities
  • A new extensible hardware and software architecture
• Delivers new …
  • Logical partitioning and workflow simplification delivering 66% reduction in time-to-deployment
  • Management and monitoring solution including role-based access control for each partition and XML API control
  • Software upgrade to the Application Velocity System, the leading acceleration and security solution AVS 6.0

Integrated Network Services Virtualization Delivers Service Density
(Chart: Number of Devices, cables, power versus Number of Applications, comparing Non-virtualized Solution(s) / Non-Virtualized Offering (Firewall, SLB, IDS) with the Cisco Solution, Cisco Catalyst 6500 Integrated Services.)
Cisco Solution Benefits:
• Simplified Operational management
• Less Power Consumption
• Less Rack Space
• Reduced Ports and Cabling
• Lower Maintenance Costs
Business Requirements:
• Business Segmentation
• Application Specific Security
• Discrete Service Levels
• Service Velocity
• High Availability
• Predictable Performance

Integrated Network Services
Power of Architecture - Service Integration and Density
With ACE and FWSM deployed in a Catalyst 6500 these services reside in the network fabric, eliminating the appliances and their associated load.
Application servers typically have multiple appliances associated with them. For Cisco IT this equaled an additional 2.7kW per server.
Savings = 2.7kW x total servers x kW/hr
Cisco IT Estimates $23.5M over 3 Years
Support for 200 contexts
• Firewall
• Load Balancer
• SSL Offload
Reduces complexity, increases manageability, reduces latency, and eliminates single points of failure

Datacenter management – Industry trend
Source: Gartner Infrastructure Maturity Model, Nov 2004

Data Center Management – Products vFrame Data Center ANM Data Center Manager

End-to-end Data Center Provisioning
VISION: Cisco Virtualized Data Center
• Administrator: Define application services and pass policy to VFrame
• VFrame translates policies to actions and passes to infrastructure
• VFrame picks server with right criteria to run application and boots server
• VFrame identifies right App / OS Image from storage
• VFrame gives new server right VLAN and LUN info so it can find/be found by right clients and storage
• VFrame provisions security policies to Firewall Service Module
• VFrame provisions CSM Module to add new server to load balancing pool
• Application Service Provisioned!
(Diagram labels: Policy; VFrame™; Catalyst 6500; WAEE; AONS; AVS; Application Network Services; Blade Servers; UNIX/NT Servers; Mainframes; Virtual Server Clusters; DCE; Application: SAP Image; Enterprise Grids; Performance; Security; Availability; Accounting; MDS 9500; Storage & Tape Arrays.)

Creating Virtual Services from Physical Infrastructure PODs
Physical PODs: Network Pool; Server Pool; Storage Pool
VFRAME Data Center Automation
• Specific resources selected from pools
• VLANs, VSANs are configured
• Macros are played
• SAN is zoned
• Servers get booted with assigned image
• Application(s) are started
• Traffic into logical network turned “on”
Virtual Service Template: Virtual LUNs; Virtual Network Services; VLANs; VSANs; VMs