The following is one of a collection of articles that addresses strategy around hybrid cloud architecture and IT as a Service.
A private cloud is built upon a virtualized network, along with storage and compute resources. Many virtual networks are overlaid on top of the shared physical network, logically separating tenants on the shared resources. One challenge is that the physical network lacks visibility into the topology of the overlays. A second obstacle is that network overlays utilizing standard vSwitches do not allow for security and network policies to live-migrate with VMs.
While both VMware’s Virtual Distributed Switch (vDS) and the Cisco Nexus 1000V mitigate these barriers, the Cisco virtual switch also incorporates the physical network. The Nexus 1000V has evolved to become the foundation for a cloud networking stack that integrates both physical and virtual networking resources. It introduces virtualization-awareness or intelligence to allow for the added complexities of VM-mobility, dynamic resource allocation and virtual services.
CLOUD PERFORMANCE CHALLENGES
Organizations across the world have utilized the data center consolidation capabilities of virtualization to reduce facilities, power and hardware costs. But provisioning new VMs often still requires significant time and manual processes by the server, storage, network and security administrators. A 2011 study sponsored by CA Technologies, The State of IT Automation, showed that 47% of the virtualized organizations queried reported taking a week or longer to provision a virtual machine.
Of course even a week to provision a VM is typically much faster than the time to procure a physical server, and the cost is only a fraction of its physical counterpart. On the other hand, rather than satiating the business needs, quicker access to less expensive computing generates more demand. This phenomenon, known as Jevons paradox, makes it still more difficult for IT to keep up with business unit requirements.
Private clouds can eliminate bottlenecks by automating the provisioning of virtual machines, but they introduce much greater demands on the underlying physical networks, and automating tasks for a wide variety of applications and policies can be challenging. The physical infrastructure must be very flexible to allocate the proper resources quickly and efficiently to meet the changing, dynamic demands. It must be able to support the amount of virtual workloads coming in along with increased requirements for security and multi-tenancy in a highly dynamic environment.
Hybrid clouds necessitate still greater demands on the network which now must facilitate workloads moving dynamically between private and public cloud providers. The network must be able to scale to the cloud while the underlying physical infrastructure grows to support it.
CLOUD MANAGEMENT CHALLENGES
When standard vSwitches are deployed in the application server (resident within the hypervisor), server administrators typically install and manage virtual switches. The network team understandably becomes apprehensive as they lose visibility into the network and security policies, while requiring extra effort to retain visibility to network traffic at the new network edge. They remain responsible for the integrity of the network, yet
no longer can apply policies and quality of service (QoS) that remain consistent as virtual machines migrate throughout the environment and resource allocations ebb and flow.
This lack of visibility and control commonly results in restricting the type of applications that can be virtualized to the less impactful and less mission-critical. This in turn limits the organization’s ability to implement a private cloud and achieve the business benefits of large-scale virtualization.
THE CISCO NEXUS 1000V
Cisco introduced its Nexus series switches in early 2008. The Nexus 1000V is the virtual edge (or access layer) switch in the portfolio; it shares the same NX-OS as the physical models, and thus the same features and management interfaces, making it appear as a seamless extension of the physical network. In VMware environments, the Nexus 1000V requires VMware vSphere Enterprise Plus Version 4.1 or later, and it replaces the standard VMware vSwitch embedded in the hypervisor. Nexus 1000V has announced support for Microsoft Windows Server 2012 Hyper-V which is currently in beta test, as well as open source hypervisors slated for next year.
While Nexus 1000V started as a layer 2 virtual switch, it is now a switching platform supporting a variety of virtual services. It has really come to mean the entire virtual network stack including virtual services, policy management, orchestration and network programmability.
The Nexus 1000V enables tighter integration between the physical and virtual network and puts control of the network back in the domain of the network experts. The network administrators gain both virtual traffic visibility and can now apply network and security policies that follow virtual machines as they vMotion between hosts. The networking and security teams are consequently much more likely to support virtualizing Tier-1, mission-critical and regulated servers without compromising compliance objectives, reliability or performance.
The ability for the network team to monitor, manage and troubleshoot both the physical and virtual networks with the same familiar Cisco commands and tools can significantly reduce administration time and learning curves. They can instead focus their efforts on driving increased business value via the orchestration and automation as part of a private cloud.
Some of the Nexus 1000V attributes include:
ROI: Virtualization enabled data center consolidation provides a huge ROI by increasing resource utilization and reducing costs. This ROI is further realized by the Nexus 1000V which provides the virtual network requirements to lower the cost to deploy a VM.
ROI is enhanced by enabling virtualization of Tier-1, DMZ and regulated servers and by vastly simplifying administrative requirements across both physical and virtual networks. Savings are also increased by enabling virtual workloads to migrate over larger resource pools including public cloud for at least some of the organization’s capacity. The Nexus 1000V reduces costs by providing operational consistency and visibility throughout the network, while providing the same level of application services and security for mobile workloads as have been traditionally deployed in physical data centers.
Scalability: The Nexus 1000V enables better performance for large virtual networks. It also starts up very easily. And since it is a flat configuration file, if a problem occurs, just the configuration file needs to be restored. By supporting Cisco Data Center Interconnect (DCI) technologies like LISP and OTV, the Nexus 1000V overlays can support live migrations between data centers and cloud locations.
Security: While the VMware Virtual Distributed Switch (vDS) enables vSphere host control of VM traffic, the Nexus 1000V provides VM port control. All of the other Cisco IOS features are also made available to VMs such as NetFlow, port security, access control lists, etc. The Nexus 1000V also supports a virtual ASA firewall (the ASA 1000V), as well as the Virtual Security Gateway (VSG) firewall that allows access rules based on VM attributes.
Multi-tenancy: Network traffic isolation is achieved with VXLAN tunnels that represent the individual network overlays. VXLANs operate similar to VLANs in the data center, but are thousands of times more scalable for these larger cloud environments. VXLANs can also extend over Layer 3 networks for greater scalability. The Virtual Extensible LAN (VXLAN) is a collaborative effort between Cisco, VMware Cisco and Red Hat.
vPath: vPath is a feature of the Nexus 1000V virtual switch that can redirect traffic to virtual tapplication services before the switch sends the packets down into the virtual machine. It avoids the necessity of running an appliance such as a firewall or zoning appliance, on every host, or of directing traffic to physical appliances with VLAN stitching. Rather than consuming host resources, vPath allows virtual service nodes to be located on a Nexus 1010 services appliance, again giving the networking team better control and visibility of the deployment of network services and policies.
VMware vCloud Director integration: VMware vCD enables instantiation of many vApps on demand, requiring network segments for each instance of applications. The combination of vCD and Nexus 1000V enables self-service isolated network provisioning for multi-tenant environments.
Cloud Migration: As organizations implement cloud computing, they are forced to consider the integration of the physical and virtual networks. The Nexus 1000V, rather than requiring a rip-and-replace of the physical layer, enables management and features consistency across both environments. This enables a smooth transition between physical and cloud.
As organizations become cloud ready, they no longer just think about hypervisors and switches but instead focus on services, management and orchestration pieces. The virtual network focus similarly will be on programmable components, not on individual switches or routers. Traffic is logically isolated, enabling each business unit to feel as if it owns the entire network. Even all of the BU virtual networks are overlaid on top of same physical infrastructure.
THE CLOUD FUTURE
The Nexus 1000V owns the edge of the network. It is programmable, meaning that because it has APIs it incorporates the advantages of Software Defined Networking (SDN). Cisco’s cloud stack not only will facilitate extremely rapid application deployment and orchestration of applications in a private cloud, but also between private and public clouds.
NETWORKING AS ENABLER OF CLOUD is one in a series of articles that create the conversation of “High Availability in a Hybrid World.” These assets are meant as a resource for IT decision makers who are faced with the challenge of creating either a hybrid cloud or IT as a Service strategy.
HYBRID CLOUD DEFINED
Hybrid cloud is a composition of two or more clouds (private, community or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models.
By utilizing hybrid cloud architecture, companies and individuals are able to obtain degrees of fault tolerance combined with locally immediate usability without dependency on internet connectivity. Hybrid cloud architecture requires both on-premises resources and off-site (remote) server-based cloud infrastructure. Hybrid cloud provides the flexibility of in-house applications with the fault tolerance and scalability of cloud based services.
IT as a SERVICE DEFINED
(ITaaS) is an operational model where the IT organization of an enterprise is run much like business, acting and operating as an internal service provider. In this model, IT simplifies and encourages service consumption, provides improved financial transparency for IT services, and partners more closely with lines of business. This type of IT transformation is business focused rather than cost focused, leading directly to improved levels of business agility. Typically, ITaaS is enabled by technology models such as Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), all of which are part of cloud computing.
For more information please contact us at Presidio.com