Campus Virtualization Update Laurie Collinsworth 1/25/2012

CIT’s Managed Servers

[Chart: Physical to Virtual Comparison. Series: Physical, VM's. X-axis: Jun 07 to Dec 11; Y-axis: 0 to 1400.]

Campus Virtualization Initiative started in April 2011
• Increase in VMs since April 2011 is 386, ~50/month
• Decrease in physical servers since April is 38, ~5/month
  – ~50 retirements
  – ~15 new servers (e.g. Oracle RAC, Email routers, FIM)

Blade Center in Rhodes Hall

CIT’s Virtualization Progress

Identity Management
• 59 VMs, all Extra Tier
• Virtualized Apps: AD Certificate Service Quest Migration Radius Kproxy/WebDAV Enterprise Directory Permit Service Web Services

Cold Fusion Hosting
• 180 VMs for CF9
• Redundant load balanced (e.g. cornell.edu on 8 VMs)
• 55 websites, 78 test and dev sites

Kuali
• 60 VMs, multiple JVMs per VM
• Horizontal scaling

Black Board
• 14 VMs for Version 9
• Architecture stress tested before each new release

Kronos
• 12 VMs

LAMP Hosting
• 50 VMs for LAMP 2.0

CIT’s Moves to Cloud (Software as a Service)

Current cloud apps
• Gmail
• Box.net (pilot)
• Campfire (CIT incident response)

Planned migration
• OnDemand Remedy
• WorkDay
• CIT effort/time tracking (internal)

Investigations
• As applications are designed or upgraded, time is taken to see if SaaS or outsourcing is a viable option.

Hurdles to Virtualization

• AD Migration – in progress
• Licensing – cost factor, OS level requirements
• Services scheduled to be retired or replaced
  – Mainframe printing
  – Oracle WebLogic
• Prioritizing of staff to migrate applications
• Typically applications are upgraded as servers are replaced, not all at once.
• Consultants configure applications and leave.
• Staff reassignments or reductions

Non-supported Applications

• Hyper-V, Xen Desktop, ESX
• Domain Controllers, DNS, DHCP
• VPN, Firewalls, network scanners
• Cpanel and other system and network management software
• Virtual appliances
• Grey area: User “landing” machines really need a separate security level within the datacenter (e.g. logging onto a server to run user apps such as mail and browsing the internet).

Enablers for Virtualization

• AD Migration – in progress
• VM typically faster if physical server >2 yrs old
• Self-serve VM provisioning
• Self-serve CNAME creation
• Monitoring and Reporting
• Projects for PCI & off-site DR
• Documentation

Self-Serve for Service Groups

• Available since Oct 12, 2011
• 8 Service Groups configured
  – CIT–Infrastructure, Facilities, Forest Home, Library
  – SAS, CALS, Arts & Sciences, COECIS
• 30 authorized requestors
• 63 provisioned VMs (50 Windows, 13 Linux)
• https://vmselfserv.serverfarm.cornell.edu/
• http://sysdocs.cit.cornell.edu/twiki/bin/view/Documentation/VmSelfServForCustomers

Self-serve Configurations

• Pre-configuration for Service Groups
  – Service group, authorized requestors, approvals
  – Predefined projects, accounts, destination networks
  – Network size, network firewall, load balancer, ACLs
  – Default server administrators, local firewall
  – Windows: default Active Directory OU and domain-based policies
  – Linux: default Cfengine class and SFAM role(s).
  – Predefined name: sf-agoit-001.serverfarm.cornell.edu
  – Web page options: vCPU, Memory, filespace, C4C

New DNSDB feature

• Available since Nov 10, 2011
• Netadmins of a DNS domain name can create CNAMEs without owning the target name or IP space.
• http://dnsdb.cit.cornell.edu/dnsdb-cgi/batch.pl
• addcname myfiles.cals.cornell.edu sf-agoit-001.serverfarm.cornell.edu
• addcname myotherfiles.cals.cornell.edu cloudhost001.providor.com

Monitoring and Reporting

• From the ground up we monitor:
  – Power and cooling
  – Key-card door access
  – SAN storage arrays and network equipment
  – Ethernet network equipment
  – HP Chassis, blades, temperature
  – VMware environment (ESX hosts)
  – OS level environment (CPU, Memory, I/O, filesystem usage)
  – Registered applications (web, db, ldap, etc)

Foglight monitors VMware

Opsview monitors the OS level parameters and handles traps

Projects for PCI and off-site DR

• PCI hardware in-house and racked
• Geneva router to be upgraded
• DR hardware in design phase

http://www.it.cornell.edu/cms/services/managed_servers/options/vmware/index.cfm

http://www.it.cornell.edu/cms/services/managed_servers/faq.cfm

Resources

• Infrastructure Virtualization Initiative
  – http://www.cit.cornell.edu/about/projects/virtual/