Building a Private Virtualization Infrastructure: Lessons Learned and Future Directions at UC Berkeley. Curtis Salinas, UCB. Agenda: Why Build the Private (Infrastructure) Cloud? • Challenges • UCB Environment • Automation • Security and Configuration Management • Use Cases • What’s next?
Building a Private Virtualization Infrastructure: Lessons Learned and Future Directions at UC Berkeley • Curtis Salinas, UCB
Agenda • Why Build the Private (Infrastructure) Cloud? • Challenges • UCB Environment • Automation • Security and Configuration Management • Use Cases • What’s next?
Why Build the Private Cloud? • Policy • Trust • Visibility • Control • Cost
Challenges • Virtual Machine (VM) Sprawl • Keeping up with high adoption rate • Securing the environment • Developing and maintaining standards
UCB Environment • Virtualizing the hardware layer
UCB Environment • Shared Storage
UCB Environment • Clustered Hosts
UCB Environment • Clustered Hosts • SPRAWL!
UCB Environment • Specialized Clusters • SPRAWL!
UCB Environment • Specialized Clusters • Isolated storage • Dedicated networks • Tuned for specific workloads • Granular access controls
UCB Environment • Environment today • 3 Datacenters, 30+ hosts • 9 Clusters (3 multi-tenant, 6 dedicated) • 700 virtual machines • 80TB SAN storage
UCB Environment • Virtual Private Server (VPS) Service • Multi-tenant Environment • Berkeley Datacenter • DR Sites (UCLA, SDSC)
UCB Environment • ESX Service • Dedicated Clusters • Also available at multiple sites
Challenges • Virtual Machine (VM) Sprawl • Keeping up with high adoption rate • Securing the environment • Developing and maintaining standards
Automation • Scripted back-end processes • vSwitch management • Storage provisioning, pathing • Cluster analysis • Host provisioning & configuration
Automation • Estimator – http://estimator.berkeley.edu • Quick and consistent provisioning • Audited process • Limiting the potential for (human) error
Challenges • Virtual Machine (VM) Sprawl • Keeping up with high adoption rate • Securing the environment • Developing and maintaining standards
Security and Configuration Management • Locking it down • Physical hardware • Network switch layer • Storage layer • Hypervisor
Security and Configuration Management • Principle of least privilege • Two-factor authentication • Log Retention • HyTrust Appliance • Auditing • Granular authorization • Compliance • Configuration Management
Use Cases • Petris Center • A Short Story or: How SAS almost took down the SAN
Use Cases • UC Merced • Offsite dedicated environment • Onsite consulting • Community Cloud?
Where to next? • Hybrid Cloud • Data Protection • Whole VPS instance backup • Disaster Recovery • Platform as a Service (PaaS) • Virtual Desktop Infrastructure/Integration (VDI)
VPS Service Costs • VPS Base (1 vCPU, 1GB RAM) - $22/month • Additional 1GB RAM or 1 vCPU - $6/month • High Tier Storage $0.98/GB • Standard Tier Storage $0.44/GB • Economy Tier Storage $0.18/GB • Low Tier Storage $0.08/GB • Guest systems support and backups separate • No bandwidth restrictions or metering
ESX Service Costs • Dedicated ESX host (minimum of 2 per cluster) $629/month • 24 “physical” cores • 96GB RAM • High Tier Storage $0.80/GB • Standard Tier Storage $0.40/GB • Economy Tier Storage $0.15/GB • Low Tier Storage $0.08/GB • No bandwidth restrictions or metering