arturo-saavedra
Industry VM Trends as They Compare with Current VM Standards
Virtualization
• End-Goal
  – Leverage current and viable infrastructure and process technologies with application architecture
  – Expedite adoption of VM technologies and cost savings with future technologies via more thorough application interface
• Virtualization Opportunities
  – Environmental Limitations
    • Security
    • Network
    • Operational
  – More Thorough Unix Virtualization Roadmap Needed
    • Solaris is the only mature roadmap being investigated
    • Linux on VMWare has not been accepted due to limitations
  – Lack of Direction Towards Storage Virtualization
Typical Virtualized Host System
[Diagram: a VM physical host running a Hypervisor/Host OS (ESX) with several OS VMs on top of shared resources: CPU, Memory, Storage, Network I/O]
Virtualization Risks
VMs and Network/Security
• Issues
  – Network/Security standards targeted to silos
  – Lack of communication/relationship of a common goal
• Opportunities
  – Leverage current and viable technologies with cooperation with Network/Security
  – Expedite VM technologies and cost savings with future technologies or viable non standard technology
• Next Steps
  – Setup a COE with Network/Security
    • Short term goals
    • Long term goals
  – Elicit participation from Operations, Architecture and Business Unit Teams
Different Network Trust Regions
[Diagram: network trust regions: Verizon Internal Data Network**, DMZ, SSN and Restricted Zone, containing Servers A through H]
Definitions:
SSN: Secure Subnet. Access to systems, management consoles and management systems is restricted. Requests are filtered on a per-application basis/submission.
DMZ: Same definition as SSN, except that it holds customer-facing systems.
Restricted Zones: Areas where we might have cages and where government security guidelines apply to personnel. Could be in a DMZ or SSN as well as the regular network.
**Terminology might differ depending on the business unit
Proposed Virtualization @ Segment Level
[Diagram: an IDN physical host running several OS instances, and SSN or DMZ Physical Hosts 1, 2 and 3, each running instances A and B]
• Different IDN qualified OS/App instances can be virtualized inside the same physical servers
• SSN or DMZ OS/App instances can only be virtualized inside of physical servers dedicated for that specific application
• A new physical server is required for the turn up of a new application in SSN or DMZ
• Cannot bridge physical or virtual instances across network segments (IDN to SSN and/or DMZ bridging)
Legend
• Instance Color: Denotes Virtual Application or OS Instance
• A B: Denotes 2 Separate Instances of Same Application or OS
Proposed Centralized Physical Host Access and VM Firewalls
[Diagram: a Physical Host/Hypervisor reached through Console Access and Secure Access, hosting App/OS instances. Callout: Regardless of Network Segment Placement, OS/Zone Firewall Required]
• App/OS virtualized instances inside of a physical host are required to have their own firewall established as if they were an ordinary physical server
• Console access to the physical host/hypervisor is restricted and needs to be accessed via a secured method
• The access and standardization of such console and process will be key for network/security agreement to further VM Infrastructures
Existing VM Transfers Between Physical Systems @ Internal Data Network Segment
[Diagram: IDN segment. Physical Host 1: App A, App B, Free, App E. Physical Host 2: App B, App C, Free, App G]
V-Motion like procedures allowed across different physical hosts with different applications at IDN only
Right hand side description points out today’s ability to migrate between physical hosts.
This is something that is allowed in our VMWare farms and could also be implemented across different non VMWare VM infrastructures
Proposed VM Transfers Between Physical Systems @ SSN and/or DMZ Segments
[Diagram: SSN or DMZ segment. Physical Host 1: A, B, C, Free. Physical Host 2: B, Free, D, Free]
V-Motion like procedures allowed across different physical hosts as long as physical hosts are isolated to the same application
Right hand side description points out today’s ability to migrate between physical hosts.
In this example, we’re more constrained. We can migrate VMs across physical servers only when they’re part of the same application, because each application must reside in the same subnet.
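The segment-level placement bullets and the two VM-transfer slides above can be enforced as a pre-change check on an inventory. The following is an added example, not part of the original deck; the `VM` and `Host` classes, the `dedicated_app` field and every host and application name are assumptions made for illustration.

```python
from dataclasses import dataclass, field

RESTRICTED = {"SSN", "DMZ"}  # segments whose hosts must be dedicated to one application

@dataclass(frozen=True)
class VM:
    name: str
    app: str
    segment: str  # "IDN", "SSN" or "DMZ"

@dataclass
class Host:
    name: str
    segment: str
    dedicated_app: str = ""  # assumption: set for SSN/DMZ hosts, empty for IDN hosts
    vms: list = field(default_factory=list)

def placement_violations(hosts):
    """Return (host, vm, reason) for every VM that breaks the placement rules."""
    findings = []
    for host in hosts:
        for vm in host.vms:
            if vm.segment != host.segment:
                findings.append((host.name, vm.name, "segment bridging"))
            elif host.segment in RESTRICTED and vm.app != host.dedicated_app:
                findings.append((host.name, vm.name, "host not dedicated to app"))
    return findings

def migration_allowed(vm, dest):
    """Check a V-Motion like move of vm onto dest before it is attempted."""
    if vm.segment != dest.segment:
        return False  # would bridge IDN and SSN/DMZ
    if dest.segment in RESTRICTED:
        return vm.app == dest.dedicated_app  # same-application hosts only
    return True  # IDN: hosts may mix applications

# Constructed sample inventory (all names are illustrative)
idn1 = Host("idn-host-1", "IDN", vms=[VM("a1", "AppA", "IDN"), VM("b1", "AppB", "IDN")])
idn2 = Host("idn-host-2", "IDN", vms=[VM("c1", "AppC", "IDN")])
ssn1 = Host("ssn-host-1", "SSN", "AppX", [VM("x1", "AppX", "SSN"), VM("x2", "AppX", "SSN")])
ssn2 = Host("ssn-host-2", "SSN", "AppX", [VM("x3", "AppX", "SSN")])
dmz1 = Host("dmz-host-1", "DMZ", "AppY", [VM("y1", "AppY", "DMZ"), VM("z1", "AppZ", "DMZ"),
                                          VM("a2", "AppA", "IDN")])

if __name__ == "__main__":
    for finding in placement_violations([idn1, idn2, ssn1, ssn2, dmz1]):
        print(finding)
    print(migration_allowed(ssn1.vms[0], ssn2), migration_allowed(ssn1.vms[0], dmz1))
```

Running the same check before every migration request keeps the SSN/DMZ dedication rule from eroding as free slots on other hosts become tempting targets.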
Proposed Optimization of Virtualization @ Physical Layer
• We’d like to get to a point where the virtualization technologies and security allow us to mix different network environments
• Preferred technology would be integrated virtual I/O instead of dedicated interface cards
• We’ll need further reviews with security and network to allow this to happen
[Diagram: one physical host attached to IDN/DMZ/SSN running instances A, B, C and D. App A&D Prod & Dev (IDN Dedicated NIC); App C (SSN Dedicated NIC); App B (DMZ Dedicated NIC); Integrated Virtual I/O Interfaces]
Example of Lack of Strategic Load Balancing Standard for VMs
Example of a recent project in which a request for Load Balancing services could not be provided due to rules regarding LB and subnets.
In this example, intelligent LB needs to be provided by BUA for systems located in BUB. Network path access from BUB users would be twice that of BUA, and in the event BUB was the only user, it would be counterproductive.
Linux and VM
• State Today
  – Linux targeted as strategic goal for enterprise
  – Part of thrust into Open Source Solutions
  – No viable virtualization strategy for ML (Medium/Large) Linux Requirements {Medium/Large make up most of the requests}
• Linux Virtualization Opportunities
  – Modification of Current Standards
    • Unisys Intel architecture scales vertically
    • IBM Intel architecture scales vertically
    • HP/IBM midrange offerings provide most mature Linux VM technologies
  – Accelerate Application from DB/Web Segregation
    • Decrease application with OS dependent footprint
    • Reduce size of OS dependent footprint for Linux
Goal for SUN and VMWare Virtualized Environments
[Diagram: a VMWare Physical Host running Hypervisor/Host OS (ESX) with Linux VMs and Windows VMs over shared resources (CPU, Memory, Storage, Network I/O); a SUN Physical Host running a Solaris 10 Global Zone with Solaris 10 Containers over shared resources (CPU, Memory, Storage, Network I/O)]
Intel Based ESX Farm
Benefits
• Cost Effective, Large Consolidation Factor 12:1
• Supports Linux, Windows, Solaris (Non Standard)
• Hypervisor and Guest VM Independence
Limitations
• Large Linux VM Footprints Do Not Fit Here
• Need to Maintain Large Consolidation Factor
SPARC Based SUN System
Benefits
• Cost Effective
• Supports Large Solaris Footprints
Limitations
• Only Supports Solaris 10
• Global Zone and Container Dependency
• Smaller Consolidation Factor (OPS Target 4:1)
Example: EOSL (end of serviceable life) to Virtualized Targets
[Diagram: migration flow in three stages.
EOSL Candidates: Legacy Tru64 (HP), Legacy Solaris (SUN), Legacy AIX (IBM).
Port to Target OS (Linux & Solaris 10): App/HW Eval, Code Port, 3rd Party Port, resulting in Linux Redhat or Solaris 10.
Virtualization Target: Virtualization Assessment, then VMWare Farm (Linux VMs) or SUN Containers (Solaris Containers)]
Vendor Strengths & Weaknesses
HP
Strength
• 4 Major OS Offerings
• Mature vPar and Future VM Capabilities
Weakness
• Dependence on Itanium
• Decreasing OpenVMS Market
• Future ISV Support
IBM
Strength
• Leaders in Virtualization
• Leaders in Mgmt Aspects of Virtualization
• P5 and P6 Performance Unmatched
Weakness
• Can be Expensive if not Properly Used
• Limited to 2 Supported OSes
SUN
Strength
• Solaris Footprint is considerable
• Lower Cost
Weakness
• Reliance on Solaris 10
• Limited to 2 Supported OSes
• ISV Support
VMWare
Strength
• 3 Major OS Offerings
• Industry Accepted
• Mature Product
• Cost
Weakness
• Dependence on AMD and X86 Architecture
• Vertical Scalability
Storage Virtualization
• State Today
  – 3 Business Units on Different Technologies
  – Centralization of Support Organizations
• Linux Virtualization Opportunities
  – Virtualization @ Frame Level
    • Less complicated to execute
    • Exists today
    • Vendor lock possible
  – Virtualization outside the frame
    • Outside component
      – Has been proven and functional at other companies
      – Adds another layer of complexity
    • @ Cisco/Router/Switch Level
      – Not as widespread as other technologies
      – Possibly biggest benefit as technology drives towards fiber encapsulation
Storage Virtualization Options
Most Common Storage Virtualization Technologies
Current, Available and Possible Storage Virtualization Strategies
Current:
No standard storage virtualization roadmap will hinder future server virtualization technologies. Data growth is out-pacing storage cost decline due to PCI/SOX requirements.
No storage ILM direction will continue to increase cost
Future:
There are 3 viable options. Virtualize within frame, go outside of frame or possibly go with a Cisco/Switch Solution for storage virtualization
[Diagram: the three options side by side.
@ Frame Level: server attached to an HDS frame. Vendors such as HDS can provide @ frame level.
External Component: server attached through an IBM component to any frame. Vendors such as IBM can provide @ external component level.
Virtualization @ Switch/Router Layer: Storage Virtualization Would Occur Within the Cisco Layer. Labels: IP Switching, Switch Fabric Environment, Future Fiber within IP Encapsulation]