UCL Data Centres Infrastructure Design
James Clements, Emma Cardinal-Richards
Areas Covered
• Background
• Design Process
• Routing and Site Connectivity
• Application Delivery Controllers
• Switching
• Storage
• Security
Background
• Extensive dark fibre network
• One logical data centre
• Simplicity for applications
• Stretched failure
Design Process
• Requirements Gathering
• Current State
• Vision
• Plan
• Design Validation
• Business Validation
The White Paper: Key elements
• Active-Active
• Disaster Recovery
• No Cross DC Dependency
• Symmetric architecture where possible
• Auto-failover where possible
• Converged Networking where available
Campus Network
Routing (Logical)
Routing (Physical)
SLB Current State
• Cisco Application Control Engine Service Modules
Application Delivery Controllers
• Essential for multi-site data centres
• PoC market leaders
• F5 solution selected
Future State - GSLB
• DNS-Based multi-site load balancing
• Active/Active
• Client location
• Load distribution
• Site failover
Future State - SLB
• No need to use the ADC to route
• Service optimisations
• Delegated administration
Switching Current State
Switching – Production Design
• Leaf Spine Architecture
• Nexus 5K
• FabricPath
• VPC+
• Dynamic FCoE
• New (but familiar) VM hosting platform
• New (but familiar) storage platform
• Decoupling the DCs
• Partially new software stack
[Diagram labels: Torrington Place 1, Wolfson House, Slough, Torrington Place #]
Infrastructure Platform Vision
Storage Area Networking (SAN)
• Converged Networking (FCoE)
• Collaborative working
• Keeping existing storage design concepts
• Dynamic FCoE over FabricPath
• SANs existing within 1 Data Centre
• Cisco Data Centre Network Manager
Security from an ISG view
Security – Network Style
Security Zones Simplified!
[Diagram, one per site (Slough, Torrington Place): FIREWALL with zones INTERNET, DATACENTRE, CAMPUS, RESEARCH]
Standardised Service Design
• Separate IP space per datacentre for both IPv4 and IPv6
• Symmetrical networks
• Standardisation
• Layered application design
• Security
Service Layers
[Diagram layers: Presentation Layer, Application Layer, Additional Service Layer, Data Layer]
[Diagram labels: Clients / External Access; Blocked by firewall by default; Management Layer; VPN; Application Delivery Controller]
Key: Client Traffic; Service Traffic (direct or load balanced); Management Traffic
Current | Layer | New
 | Applications |
Ad-hoc ACLs | Network Security | Firewall, ACLs, Zoned, Secured
Application specific, secured by application, complex | Networking Layout | Standard, Secure by Design, IPv6 Ready, Consistent
Not Required | Global Server Load Balancing (GSLB) | F5 BigIP GTM
Cisco ACE | Server Load Balancing (SLB) | F5 BigIP LTM
Split HA/BH Stacks, Non-representative Development | Hardware Stacks | Single Converged Stack, Representative Development
VMware vSphere ESXi | Virtualisation | VMware vSphere ESXi
VMware vSphere ESXi | Virtual Mobility | SRM or Zerto or Veeam
Not Used | Virtualisation Insights | VMware Operations Manager
IBM HS22/23 Blades in BladeCentre-H | Virtualisation Hardware | Lenovo x240 Blades in Flex Chassis
Separate Ethernet/Storage | Network Interconnect | Converged Network Adaptors
IBM DS5100/v7000 G1/SVC | Storage | IBM v7000 G2/SVC
Synchronous Everywhere | Storage Replication | Asynchronous
IBM/Brocade Fibre Channel SAN | Storage Networking | Cisco Nexus Converged
Cisco Catalyst Ethernet | Networking | Cisco Nexus Converged Network
One Logical Site across Two Physical | Physical Location | Two Distinct Physical Sites
Physical Data Centres
</presentation>
• Thanks to all the (uncredited!) people from whom we have ‘borrowed’ drawings, photos etc.
• Even more thanks to all at JISC/Janet and Infinity who have been very understanding and accommodating of our shifting requirements and sometimes unusual requests.
Contact
James Clements
Network Core Services [email protected]
Emma Cardinal-Richards
Senior Network [email protected]