Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

Technical Overview This paper describes how Brocades CloudPlex architecture enables large-scale deployment of virtual desktop infrastructure: tens of thousands of desktops on a global scale. It identifies the challenges in the data center, campus LAN and wide area networks that need to be considered and reviews how key elements of the CloudPlex architecture including fabrics, open systems and global reach, effectively meet these challenges.

NETWORK MANAGEMENT

TECHNICAL BRIEF

CONTENTS
The Importance of a Virtual Desktop..........................................................................................................................................................................................3 Challenges of Large Scale VDI Deployment ............................................................................................................................................................................3 Impact on the Data Center..............................................................................................................................................3 Impact on the Campus LAN ............................................................................................................................................4 Impact on the Wide Area Network ..................................................................................................................................5 Brocade CloudPlex Architecture...................................................................................................................................................................................................5 CloudPlex is Fabric-Based ...............................................................................................................................................6 CloudPlex Is Open ............................................................................................................................................................7 Virtual Compute Block .............................................................................................................................................8 OpenStack ................................................................................................................................................................8 OpenFlow ..................................................................................................................................................................8 CloudPlex is Global ..........................................................................................................................................................8 Applying the CloudPlex Architecture to Large-Scale VDI Deployment ...........................................................................................................................9 Brocade Virtual Cluster Switching ..................................................................................................................................9 Brocade Virtual Compute Blocks ................................................................................................................................. 10 VCB Integration with VMware View..........................................................................................................................................................................................11 Pre-tested, Factory Integrated Components for Fast Time to Service ...................................................................... 12 Fabric-based Scale-out Architecture ........................................................................................................................... 13 Other Requirements for Large Scale VDI Deployments...................................................................................................................................................13 Integration with Campus LAN....................................................................................................................................... 13 Integration with WAN .................................................................................................................................................... 14 Integration of Security Services ................................................................................................................................... 14 Access Control and Transparent Support of IPv4 and IPv6 Devices......................................................................... 15 Monitoring, Management and Traffic Analysis ........................................................................................................... 15 Scaling Out the VCB Solution for VMware View .......................................................................................................... 17 Testing VCB for Scalability and Supportability......................................................................................................................................................................18 Summary...........................................................................................................................................................................................................................................19

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

2 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

THE IMPORTANCE OF A VIRTUAL DESKTOP

Desktop computing is ubiquitous and represents a growing cost for IT. Updating operating systems and applications has become very time consuming and costly while securing access to data has become more complex. Virtual Desktop Infrastructure (VDI) offers a solution. VDI separates the desktop operating system and application configuration from the physical device. Instead of managing individual desktop devices in a distributed manner, the software stacks (operating system plus applications and configuration settings) are hosted in the data center using a master catalog of pre-built and tested configurations. Users are assigned to a particular standard configuration that supports their role. When they connect to the VDI environment, applications run on virtual servers with screen updates pushed over the network (campus LAN or WAN) to the users display. Users can use a less expensive device, such as thin or zero clients, to attach to the network while accessing the familiar desktop environment and applications they have when using a traditional desktop or laptop PC, or they can use their PC with images pushed to them upon login. Hosting the desktop operating system and applications in the data center simplifies change control, configuration management, disaster recovery and can lower power consumption since thin clients are more power efficient than full functioned personal computers. Of course, VDI has to deliver a user experience that is comparable to the one expected with a full function PC. From a user perspective, latency is a critical metric of user experience. Clearly, VDI has attractive advantages. But, VDI has to be built on top of an architecture that can scale, quickly migrate desktops and user data between data centers when needed, while simplifying management and configuration. Hence, VDI relies on a network architecture that cost-efficiently supports these requirements. These considerations are especially relevant when scaling VDI to tens of thousands of users located anywhere in the world. In short, a cloud computing architecture is ideal for VDI as it enables global client mobility as well as on-demand scalability. Brocade has an architecture for cloud computing called CloudPlex that can be applied successfully to large-scale VDI deployments. This paper discusses the CloudPlex architecture and then shows how it has been applied to VDI solutions in conjunction with our partners.

CHALLENGES OF LARGE SCALE VDI DEPLOYMENT

Although VDI offers a solution to long-standing problems associated with cost-effective management of desktop computing environments, it also creates network challenges, particularly when deployed on a continental or global scale. To better understand the requirements, its helpful to break the network into three segments: the datacenter, the campus/LAN and the WAN. Each is impacted by the shift in traffic created by VDI solutions and in turn the limitations of each affect the overall network design.

Impact on the Data Center

Server virtualization affords a cost-effective way to host large numbers of VDI instances. Combined with image management software to clone operating system and application configurations, a virtual machine can be created with a standard desktop configuration. As a client initiates a connection, the session is directed to an available virtual machine with an image specific to the user so they access their own desktop, applications and storage. A pool of available VMs can quickly meet new demands, and VMs can be removed from the pool and unnecessary physical servers can be powered down to minimize power and cooling during periods of low demand. Server virtualization has affected the data center in many ways. Most striking is the growing need to update the network to meet the unique demands of virtual servers. For example, virtual machines are moved across physical servers for various reasons including load balancing, power management, maintenance and updates, etc. This is one of the attractive benefits of server virtualization as moving a VM does not cause any disruption to the application running inside the virtual machine. However, networks were not designed with this capability in mind. Networks assume applications are fixed to specific servers that in turn are physically attached to the network and rarely change where they connect in the network. With virtual machine mobility, this is no longer the case. Traffic loads change, static network policies tied to physical

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

3 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

ports can move, and small layer 2 switching domains restrict virtual machine mobility, limiting its benefits. The advantages of virtual machine mobility apply to large-scale VDI deployments as well. As more applications take advantage of server virtualization, both the IP network and storage networks need to provide more bandwidth to the server. With 10 or 20 applications running on a single server that used to host only one, the network bandwidth grows considerably. And, as connections are used to share both IP and storage traffic, logical isolation of traffic becomes important so issues with one type of traffic cant disrupt other types. This has driven higher bandwidth connections to servers and more bandwidth between network switches and routers. Quality of Service for both IP and storage networks has become much more common as it provides the tools required for logical traffic isolation on a shared network. One other area that has changed is the traffic patterns in the data center network. In the past with many remote clients accessing an application on a single server, most network traffic was north-south moving between the access layer where the data center servers are through an aggregation layer and then routing to the core to the campus LAN or WAN networks. Data center networks could have high oversubscription ratios across these three tiers (access, aggregation, and core). But today, with new Web 2.0 applications, server virtualization using live virtual machine migration and storage traffic running over the IP network, there is a lot of east-west traffic that must efficiently move across the layer-2 LAN network. This is driving changes in Ethernet that is the primary layer 2 technology. Problems include Spanning Tree protocol limitations on scalability and resiliency, static network policies that cant keep up with virtual machine migration and the complexity of configuration and management as more layers and devices are added at layer 2. Another important consideration is storage. Direct attach storage captive inside the server is insufficient. For VDI, shared storage pools connected to a storage network are required as virtual machines host the VDI environment and they require shared access to a common storage pool. Many storage features can be effectively leveraged to simplify operations and reduce cost, including thin provisioning, de-duplication, block level replication for cloning and disaster recovery, snapshot for on-line backup and duplication and solid state disk for high performance. Brocade has a long history in the storage market as a pioneer of Fibre Channel networking, the first scalable solution for shared storage. Today, Brocades fabric technology is available and supported by all major storage vendors for every type of block access storage network protocol including Fibre Channel, iSCSI and Fibre Channel over Ethernet (FCoE), as well as file accessed storage using NFS and CIFS. The Virtual Compute Block architecture discussed later is flexible and able to support all block storage and file access protocols. A single VCB configuration can incorporate one or more types of block storage and all storage vendor provided storage optimization features. Cost-effective solutions of VCB modules can be easily deployed side-by-side, or specific storage network protocols and storage arrays can be used in different environments to meet varying environmental, operational, performance and cost requirements. Security is of course an important requirement particularly in the network. Firewalls, load balancers, intrusion detection and protection, virus detection are all critical elements of the network. With VDI, security must now extend to desktop application traffic where previously that traffic never left the desktop or laptop computer. Therefore, security services have to scale to support much higher traffic rates. Higher performance and reliability are clearly important design requirements. Configuration of security policies must be consistent and encryption services such as secure sockets layer (SSL) must be relied on to protect information flowing between thin clients and the applications hosted in the data center.

Impact on the Campus LAN

With VDI, the traffic on the campus LAN will increase due to application traffic now flowing from the thin/zero clients to the application hosted in a virtual machine in the data center. More bandwidth, low latency and higher availability are essential to the VDI user experience. Users wont tolerate sluggish response or lack of access to their personal applications and data. Redundancy of paths, ports and network switches are therefore important in the design of the campus LAN. One other valuable capability is Power over Ethernet (POE) support. With POE, thin/zero client devices that attach to the campus network receive

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

4 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

the power they need from the same Ethernet connection used to attach to the network. POE is common for Voice over IP (VoIP) environments to power telephone handsets and this same technology can be efficiently used for thin/zero clients reducing facilities costs.

Impact on the Wide Area Network

For global companies, VDI can benefit from global load balancing and efficient migration of desktops, data and licensing between data centers as users move. For example, employees may relocate to a new office or be on temporary assignment overseas. Its important to support migration of their personal configuration and data to a data center more suitably located so latency and user experience requirements are met. For companies with multiple data centers in a given geography or who purchase hosting services for VDI, being able to migrate user desktops and data efficiently over the WAN are also important. In a geography with multiple data centers, global load balancing of VDI connections is an effective way to ensure uniform user experience should WAN links become congested or outages occur. For some environments, improved disaster recovery using stretched server clusters between regional data centers via MPLS/VPLS services, are important design requirements. Stretched clusters may be advantageous for routine service and maintenance of network equipment and servers so currently running VDI instances can be moved to an adjacent data center whenever required. The challenges of large scale VDI deployment are very similar to the challenges most enterprises are already facing as they look for ways to reduce cost and improve agility with cloud computing. To assist customers with strategic planning, Brocade developed a cloud architecture called CloudPlex. CloudPlex can be directly applied to the challenges of large scale VDI Deployment.

BROCADE CLOUDPLEXTM ARCHITECTURE

Today most enterprise infrastructure looks like a combination of internal and external resources and for most companies, largely location independent. Corporate data centers are placed across continents while cloud service providers offering outsourced services, (e.g., SFDC, Google Mail and Google applications, AWS, Ring Central) are being leveraged more and more. Consequently, this is the era of the virtual enterprise. Today, enterprises are increasingly combining their own IT resources with outsourced services and cloud computing delivering universal access to ever-more mobile users. Making businesses run on top of this fully distributed infrastructure is challenging.

Figure 1. Brocades CloudPlex architecture for cloud computing To address this transition, Brocade developed an architectural called CloudPlex. It is designed around three pillars necessary to make the transition from dedicated, static infrastructure captive to a single application

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

5 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

or user, to a world of virtual computing dynamically assembled from loosely coupled virtualized resources, platforms and highly distributed application components.

CloudPlex is Fabric-Based
Fabric technologiesoriginally developed for FC SANs and now being brought to Ethernet-are the key to radically simplifying the network, improving scale, and optimizing resource utilization with virtual machines. Fabrics are a foundational element of highly virtualized and cloud networks. They take us back to what networking was supposed to bea seamless entity for any to any communications. So what is driving the need? It is really very simple. Networking is designed to support business applications. When the applications change, the underlying network has to change. This is what is driving the evolution of the layer 2 network to fabrics technology. Historically, applications have been written as monolithic programsconnected to big compute nodes and

Ethernet Fabrics
Compared to classic hierarchical Ethernet architectures, Ethernet fabrics provide higher levels of performance, utilization, availability, and simplicity. They have the following characteristics at a minimum: Flatter. Ethernet fabrics eliminate the need for Spanning Tree Protocol, while still being completely interoperable with existing Ethernet networks Flexible. Can be architected in any topology to best meet the needs of any variety of workloads. Resilient. Multiple least cost paths are used for high performance and high reliability. Elastic. Easily scales up and down at need. More advanced Ethernet fabrics borrow further from Fibre Channel fabric constructs: They are self-forming and function as a single logical entity, in which all switches automatically know about each other and all connected physical and logical devices. Management can then be domain-based rather than device-based, and defined by policy rather than repetitive procedures. These features, along with virtualization-specific enhancements, make it easier to explicitly address the challenges of VM automation within the network, thereby facilitating better IT automation. Protocol convergence (eg Fibre Channel over Ethernet, or FCOE) may also be a feature, intended as a means of better bridging LAN and SAN traffic.

. attached to appropriately sized network and storage elements. Scaling relied on replacement of the server with a larger model. Applications were commonly deployed on dedicated servers limiting flexibility while hindering maintenance and disaster recovery. Virtualization has altered that model by introducing an abstraction layer between the application and the underlying hardware. The application can move to whatever hardware platform has the best price/performance characteristics. This has become a compelling model for hardware resource management in the data center.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

6 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

Another trend transforming application stacks is shown in Figure 2: applications are written in a much more modular way where individual components use the network to communicate with each other reliably with low latency. One example of this new model is having a web front-end, database tier and application tier all tied together with a middleware layer over a SOA bus. For this new application stack, low latency, resiliency and high availability are critical requirements of the network as a single component can support many applications so an outage of a single component can have wide ranging, negative effects.

Figure 2. Application stacks are becoming collections of distributed modular components Using this application architecture, some of the supporting elements like firewalls, intrusion detection and prevention systems (IDS/IPS), are being implemented inside virtual machines. So the modern application stack is becoming a collection of smaller components communicating with each other over a high speed, low-latency, and resilient network. With virtualization, the components themselves may move from server to server optimizing service levels and utilization, reducing power and cooling costs while simplifying maintenance and disaster recovery. The challenge is that the networks weve built over the past decade were not designed to efficiently support this new application stack. The limitations inherent in existing network designs are getting in the way, so network design has to change accordingly. One clear transition is industry recognition of the need for flatter, lossless and low latency networks. One way to achieve this is with an Ethernet fabric architecture as a fabric provides exactly the qualities needed to address the challenge. With its fabric heritage, Brocade recognized early the advantages of bringing core fabric characteristics to Ethernet, and released its Ethernet fabric technology, called Virtual Cluster Switching (VCS), in 2010. VCS is discussed in more detail in the section titled, Brocade Virtual Cluster Switching.

CloudPlex Is Open
The second is leveraging open interfaces and standards. The CloudPlex architecture promotes the combination of best of breed components, open routing, provisioning, and management interfaces. Open systems for networking create healthy competition, speed innovation, and ultimately result in faster customer adoption and better price efficiency. This has been true in computing and in application development, so clearly its applicable to networking as well.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

7 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

To enhance openness and interoperability, CloudPlex incorporates three components as shown in Figure 3.

Figure 3. CloudPlex is an open architecture

Virtual Compute Block A Virtual Compute Block (VCB) is Brocades solution for facilitating the interconnection of Best-of-Breed Components into building blocks for scaling virtualization. VCB is part of our partner-based development initiative to design, test and pre-configure modular virtualization solutions. For example, we are working with hypervisor vendors and our partners to integrate their offerings using our VCB solution. OpenStack One of the tenets of cloud computing is data center wide orchestration of virtualized resources with just-intime provisioning. In the past, network infrastructure provisioning and management frameworks were specific to the hardware vendor. Multiple frameworks were needed, each having limited interoperability with the other. Today, an organization called OpenStack.org was started to address this problem. OpenStack is an interoperable set of management tools that make management of the network infrastructure transparent avoiding lock-in of network devices with management functions. Therefore, OpenStack software is being integrated into cloud computing architectures used by many companies. OpenFlow OpenFlow is the emerging standard for software-defined networking that could provide improved optimization of network services in large-scale environments. The control plane becomes an open platform using standard APIs so network services and optimized traffic policies can be integrated more quickly across multiple vendors routers and switches. Service provides are adding cloud computing services to their offerings and OpenFlow has drawn attention as an approach to solving a number of challenges in large-scale multi-tenant service environments such as the public cloud. Brocade has joined the OpenFlow community and is actively engaged in development of OpenFlow components and research projects.

CloudPlex is Global
One of the assumptions of the CloudPlex framework is that everything has to be considered in a global context. VMs and data cant just move across a couple of servers and storage arrays; they have to be capable of moving across the world. Users are becoming much more mobile. IT services arent monolithic anymore and are distributed so efficient, secure and cost-effective data center-to-data center connectivity is critical in a cloud computing architecture. No matter how fast networks get, there is delay caused by the finite speed of light when you separate users, applications, and data over distance. Optimizing the user experience is essential and requires the ability to move application execution and data closer to users whenever degraded user experience requires it. Efficiently and securely moving application components and data between data centers is important not only for disaster recovery but for cost-optimization by minimizing power and cooling surcharges and optimizing software license charges.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

8 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

One other growing requirement of global access is the reality of limited availability of IP addresses worldwide. Today, the current IP addresses, IPv4, are no longer available for allocation from IANA the central clearinghouse for IP address allocation. A new and vastly larger set of addresses, IPv6, is available and already being used in various industries, federal government agencies, and by Internet providers in some countries. However, Internet devices using IPv4 cant directly connect to devices using IPv6 as the IPv6 address structure is not backward compatible with IPv4. Solutions exist for Internet service providers and for enterprises and are integrated into the CloudPlex architecture.

APPLYING THE CLOUDPLEX ARCHITECTURE TO LARGE-SCALE VDI DEPLOYMENT

This section discusses how key elements of the CloudPlex architecture are being applied to the problem of large-scale VDI deployments. Brocade has been actively working with partners to help our customers costeffectively scale VDI environments. First, its important to understand two essential building blocks that are unique to Brocade. The first is Brocades Virtual Cluster Switching (VCS) technology, which provides advanced Ethernet fabric capabilities. The second, Virtual Compute Blocks (VCB), leverage fabrics to develop open, pre-configured, cost-efficient solutions for scaling server virtualization in the data center. Virtual Compute Blocks rely on scale-out more than scale-up to meet growth requirements. Brocades VCS technology with Ethernet fabrics is well suited for this architecture while shared storage using SAN fabrics is a proven technology for scaling storage resources.

Brocade Virtual Cluster Switching

Brocade VCS technology allows you to create efficient data center networks that just work. Ethernet fabric architectures built on Brocade VCS technology share information across nodes and can be managed as a single logical chassis, greatly simplifying management and reducing operational overhead. Brocade VCS technology offers unmatched VM awareness and automation versus traditional architectures and competitive fabric solutions and supports storage over a unified fabric when you are ready.

Figure 4. Brocade Virtual Cluster Switching with Ethernet Fabric

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

9 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

Only Brocade VCS technology, backed by a heritage of proven fabric innovations, delivers IT agility and assures reliability, with a cost-effective point of entry to allow you to transition gracefully to elastic, highly automated, mission-critical networks in your virtualized data center. VCS technology is embedded in the Brocade VDX Data Center Switch portfolio. Brocade VDX Data Center Switches are available today to enable you to build Ethernet fabrics to support cloud-optimized networking and greater enterprise agility.

Brocade Virtual Compute Blocks

Brocade introduced Virtual Compute Blocks as a way to simplify server virtualization deployments and address many of the challenges facing customers who plan to extensive deploy it across their data centers. A Virtual Compute Block (VCB), shown in Figure 5, is designed to take maximum advantage of Brocade networking solutions (IP and storage networks) in an open way so all server and storage partners can plug in to a standard networking architecture.

Figure 5. Virtual Compute Block Solution with VMware The platform leverages the advantages of data and storage. A fabric is designed to address the stringent scalability, availability, resiliency and manageability requirements of virtualization. It is architected to exploit modularity for simpler management and much shorter time from purchase to deployment. Using the VCB solution, Brocade works with storage and server partners to quickly construct, test and validate modular compute blocks for server virtualization. These pre-built modules are designed to be orderable as single unit ready for deployment, allowing customers to choose from several module configurations based on their virtualization requirements. A unique capability of the VCB solution is built-in network scalability. This means customers can easily connect different VCB solutions together to quickly scale out their virtualization infrastructure. Key to this scale-out capability is the inherent properties of fabrics: multipath, resilient, flexible, lossless, low latency and scalable. Brocades Virtual Compute Block solution is flexible. For instance, 1 GE or 10 GE ports for server access are provided on any port in the switch. Storage support includes Fibre Channel, iSCSI, Fibre Channel over Ethernet for block access and file-based access via CIFS and NAS.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

10 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

VCB INTEGRATION WITH VMWARE VIEW

Soon after introducing the VCB architecture VMware began working with Brocade to create server virtualization solutions. They recognized the value of VCB flexibility, scalability and efficiency for customers who need a proven solution for rapid virtualization scale-out. A reference architecture using VCB for server virtualization is under development. The VCB architecture can also be used to address the challenges of large scale VDI deployment. Pre-built configurations are being developed that offer cost-effective solutions that can meet the VMware View Reference Architecture supporting 5,000 seats in a single management Pod. The key to this flexibility is a modular architecture combined with the scalability of the VCS Ethernet Fabric. This provides cost-effective deployment from small to large so customers never buy more than they need. In particular, the VCB for VDI solution is able to: Enable performance and scalability as Brocade and VMware provide the price/performance, end-toend VDI and network products to allow users to build VDI solutions that meet the performance requirements of a user and scale to support wide-scale VDI deployment. VMware View optimizes the provisioning and deployment of desktops using features like Integrated Application Assignment, Tiered Storage, and Single Sign ON (SSO). Unlike classical, hierarchical Ethernet architectures, Brocade Ethernet fabrics provide higher levels of performance, utilization, and availability. With this solution, organizations are able to scale easily by utilizing plug-and-play architecture enabled by Brocade VCS technology to add compute and storage capacities dynamically. Brocade converged network adapters (CNAs) are fully featured 10 GbE NICs that provide stateless networking offloads such as TCP checksum and segmentation for improved performance and more efficient CPU usage. Brocade CNAs support Virtual Machine Optimized Ports (VMOPs) to offload the hypervisor of essential virtual switching tasks, such as incoming packet classification and sorting tasks, helping to reduce latency and improve throughput while freeing CPU cycles. Brocade CNAs drive throughput of 500K IOPs per port. Other advanced features in the CNA and Brocade VDX switches, such as stateless networking offloads and active-active connection, provide even higher performance and throughput. Provide security with powerful, validated functions from best-of-breed vendors enabled via VMware View PCoIP security gateway, which allows secure connections to the desktops with stronger authentication without VPN connections. The solution protects the virtual desktops from malware and viruses. Brocade ADX Security Shields can be added to deliver wire-speed multi-gigabit-rate protection from Denial of Service (DoS) and Distributed DoS (DDoS). Ease migration as Brocade and VMware products are built on open standards and validated for interoperability with leading server, storage, and network vendors. This allows customers to leverage their existing infrastructure for VDI without resorting to rip and replace. In addition, Brocades support for multiple protocols (such as TRILL, DCB, iSCSI, NAS, and FCoE) and pay as you grow modular expansion allow users to expand and use new technology and products at their own pace and budget. VMware View is fully compatible with vSphere, and View is tested and certified for all the major host operating systems. Drive lower TCO as the solution utilizes best-of-breed products built on the strengths of two companies that are market innovators. The solution utilizes a virtualization platform with VMware vSphere and View in conjunction with the Brocade VDX 6720 family of data center switches and the best options from leading compute and storage vendors. Organizations can choose the best options to realize the greatest ROI at the lowest TCO.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

11 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

Pre-tested, Factory Integrated Components for Fast Time to Service

One of the prime goals for VCB solutions was to dramatically reduce the time to deployment. As shown in Figure 6, one VCB design under development supports VMware View VDI. Joint testing and validation among the partners ensures factory integration eliminates problems commonly encountered when trying to build an equivalent solution on the data center floor.

Figure 6. Brocade VCB solution for VMware View

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

12 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

Fabric-based Scale-out Architecture

As shown in Figure 7, the VCS Ethernet fabric enables a scale-out architecture that is simple to leverage.

Figure 7. Scaling Brocade VCB solution for VMware View In this example using Dell Servers and iSCSI Storage, each VCB module consists of an integrated rack of servers and storage optimized for a particular number of VDI seats based on the compute and storage components used. Design considerations include number and type of CPU processor, memory, IO, storage array ports, spindles and LUN placement, and network connectivity to servers and storage. In this example, 1,000 seat VCB modules are shown. With VCB solutions, different size modules can be designed to fit within a rack optimized for the desired cost/performance metric. The modular architecture provides an extensible pool of compute, storage and Ethernet Fabric connectivity that simplifies scale-out by attaching multiple modules together via the VCS Ethernet Fabric.

OTHER REQUIREMENTS FOR LARGE SCALE VDI DEPLOYMENTS

From the previous overview of the CloudPlex architecture, there are other network requirements that extend beyond the design of a Virtual Compute Block optimized for VDI applications. These include integration with the Campus LAN, integration with the WAN, security and how to transparently support traffic between IPv4 and IPv6 devices.

Integration with Campus LAN

User access to their desktop commonly relies on a campus LAN network. The impact can be on both wired and wireless connectivity and includes larger bandwidth, higher availability and resilience and converged management of wired and wireless infrastructure. With thin clients, Power over Ethernet (POE and POE+) maybe attractive so devices are powered from the same Ethernet port they use to access the data center network. More mobile devices are being used to access information and data using laptops and pad computing devices. Simplified management and configuration of wireless networks has driven new approaches moving configuration and security to the wireless network controller and out of the access points. This improves scalability, reduces configuration time and improves reliability. All of these are important for VDI traffic over the campus LAN.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

13 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

Integration with WAN

For large-scale VDI deployments across continental and global distances, the WAN is the path between the user device and their desktop environment. Critical issues for integration include acceptable latency to meet user experience requirements. In general, for users who live and work in within the same region as the data center hosting their VDI seat, this isnt a problem. However, managing access control, security and efficient load balancing of connections is important for the user experience. Application delivery control (ADC) is an important part of the WAN design. With ADC, access can be efficiently secured using proven protocols such as SSL connections that are terminated and managed by the ADC service rather than taxing the physical servers hosting virtual machines and VDI seats. Also, the growth of IPv6 traffic can be efficiently accommodated and bridged to existing IPv4 equipment using IP translation services hosted in the ADC. When users move to a new location, its necessary to migrate their desktop and virtual machine configuration as well as move the application data to a data center within an acceptable distance. Moving virtual machines in real time non-disruptively maybe viable where latency between data centers is low (5 milliseconds or less) but is not possible over continental distances. In addition, moving the virtual machine and its hosted desktop environment also requires moving user data or application access to that data will be adversely affected by latency. Consequently, the WAN has to also support efficient migration of the VDI environment including the virtual machine, all applications and their settings as well as the data. MPLS and VPLS services are options for the live virtual machine migration within a geographic region while efficient migration of user data could benefit from optimized storage migration protocols such as Fiber Channel over IP (FCIP). Brocade provides 1 GE and 10 GE FCIP solutions as well as MPLS and VPLS solutions over 1/10/40 and 100 GE links.

Integration of Security Services

The VCB is designed to provide flexible support for network security services. In the VMware VDI solution, virus-scanning agents provided by Trend Micro run inside the virtual server. Typically, additional network security services will be deployed as well. Figure 8 shows common security architectures providing firewall, load balancing and intrusion detection and protection services. The Brocade ADX provides not only server load balancing for optimizing traffic flow to firewall services, but high performance off-load for SSL termination removing this resource intensive operation from servers hosting VDI sessions. As shown in Figure 12, the ADX can be used with a VCS Ethernet Fabric in a variety of topologies such as the 6 pack, Layer 3 Lollipop and in the future, leveraging a new capability, dynamic service insertion, the layer 2/layer 3 Lollipop.

Figure 8. VCS technology supports flexible security architecture

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

14 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

The roadmap for VCS technology includes dynamic service insertion and support for layer 3 routing within the fabric. As shown in the right hand diagram of Figure 14, traffic is transparently rerouted within the VCS Ethernet Fabric to provide the appropriate security services. This allows a flatter core/edge network architecture instead of the classic three tier network. A flatter fabric network eliminates network devices reducing capital cost, simplifying configuration and management to lower operating costs.

Access Control and Transparent Support of IPv4 and IPv6 Devices

The growth of devices using the Internet is forcing migration to a new routing architecture, called IPv6, with sufficient addresses to meet the demand. While IPv6 avoids address exhaustion, it does so without being backward compatible with the previous address method, IPv4. But, traffic between IPv6 and IPv4 devices needs to flow seamlessly. Therefore, a means to provide reliable and secure mapping of IPv6 addresses used by newer user devices to older IPv4 addresses commonly used in the data center is necessary. This requirement and likely will continue for some time to come. Another important challenge is managing device access control to the desktop applications running in the data center. Many more users will access many more applications from a variety of devices so scalable performance of access control services becomes critical. Any access control function that gets implemented between the user and an application has the potential to slow things down. To achieve high performance, solutions that use hardware to accelerate access control while automatically sensing network load and directing new user sessions to less utilized servers become very important in maintaining user experience. Today, Brocades ADX family of application delivery controllers have the required features for access control of users from the campus LAN and WAN to applications in the data center and IPv6/IPv4 mapping, or network address translation (NAT64) services as shown in Figure 9.

Figure 9. Using an application delivery controller for IPv6-IPv4 NAT A primary requirement for application delivery controllers, such as Brocades ADX family, is getting remote users securely connected to their applications with minimal latency. Since user experience is largely measured by latency, fast access control and connection load balancing are needed. In addition, access control has to be resilient so upgrades and component failures do not disrupt traffic from user devices to applications.

Monitoring, Management and Traffic Analysis

VDI places new and more stringent requirements on the end-to-end network inclusive of the data center, campus LAN and WAN due to distributed access from a variety of clients to their desktop environment in the data center. Careful planning for monitoring, management and traffic analysis is important to ensure user experience, availability and resiliency, and fault isolation are built into the network infrastructure.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

15 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

Brocade fully supports an open management platform, sFlow, to provide these capabilities. sFlow is a packet sampling technology that can be implemented in a broad range of networking devices such as layer 2 switches, layer 47 application controller switches, and core routers. A primary goal of sFlow is to provide these services without degrading performance of network devices. This means sFlow can scale as link rates increase as evidenced by its inclusion in Brocades MLXe Routers with industry-leading 100 GbE connectivity. As shown in Figure 10, sFlow separates traffic sampling from traffic analysis. Packet sampling logic is embedded inside the data path of the network device while traffic analysis is processed on a separate device, typically a server or server cluster. This architecture allows large scalability with real-time analysis.

Figure 10. sFlow architecture for Monitoring, Management and Traffic Analysis For applications environments such as VDI that require high availability from client device to data center server across the campus LAN and the WAN, scalable, real-time network monitoring ensures accurate metrics so proactive actions can be taken to ensure user experience. Further, sFlow-based traffic analysis improves planning and equipment utilization so potential network hot spots can be correlated with changes in VDI workload anywhere in the network. VM migration can then help rebalance network traffic as required and capacity planning can support network upgrades where essential for maintaining user experience. Finally, sFlow tools are available from a number of vendors since sFlow has open interfaces.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

16 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

Scaling Out the VCB Solution for VMware View

Figure 11 shows how the VCB for VDI can scale-out to a VMware View 5.000 seat Pod. VMware publishes a reference architecture that has been tested up to this size. This is used as the framework for how to scale up the VCB design. Five modules are connected together forming a single management Pod based on the VMware View Reference Architecture. Even larger modules could be constructed using more modules or modules can be designed with components tested to support more than 1,000 VDI seats per rack, but there is a natural scale-out limit of 5,000 View seats per Pod in the VMware reference architectures so that defined the Pod size. Storage options include iSCSI, Fibre Channel and Fibre Channel over Ethernet, each being suitable for particular cost/performance and total module scale up requirements.

Figure 11. VCB solution for 5,000 seat VMware View Pod configuration The VCS Ethernet Fabric connects multiple modules together forming a management Pod and directly attaches a Pod to the network core for a flatter network. The core connections use Brocades multi-chassis trunking (MCT) in the core routers with VCS vLAG connections in the Ethernet Fabric to provide resiliency and high availability. Brocade VCS vLAG links leverage 10 GE connections on the VDX switches to eliminate bottlenecks for traffic flowing to the core. And, vLAG links can connect to multiple VDX switches for improved resiliency and availability. Optionally, an aggregation layer can be added between the VCS Ethernet Fabric and the core if a traditional three tier architecture is desired. Security services (intrusion detection/prevention, active directory services, etc.) can be integrated with each Module. Adding a Brocade ADX application delivery controller at the core provides IPv6 translation services for seamless integration of IPv6 and IPv4 traffic while providing load balancing for firewall services.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

17 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

Between VDX switches, Brocade ISL Trunks (B-ISLT) automatically form highly efficient layer-2 trunks as soon as cables are connected between switches. The B-ISLT is highly efficient for east-west traffic using 10 GE links with up to eight links per trunk. Revolutionary frame stripping across the physical links deliver near perfect load balancing with very low latency not available in traditional LAG solutions. Built-in ECMP services in the Ethernet Fabric automatically optimize traffic flows utilizing all available shortest paths in the fabric for load balancing with resiliency. As shown in Figure 12, multiple 5.000 seat VMware View Pods can be used to construct very large-scale configurations, into the tens of thousands of seats in a single location if necessary.

Figure 12. Scale-out of VMware View Pods to tens of thousands of seats

TESTING VCB FOR SCALABILITY AND SUPPORTABILITY

Brocade is actively engaged in test and validation of Virtual Compute Blocks specifically optimized for VDI using VMware View. As with any large scale deployment of emerging technology, its important to validate and test configurations to ensure required scalability, availability and operation models are well designed and proven prior to deployment in production. Our VCB architecture is backed by our investment in partner programs to test, validate and harden complete modular solution offerings, as well as integrated management and post-sale support. But additional testing to confirm resiliency, disaster recovery, upgrade and service methodology, etc. is also important. Brocade is prepared to support this level of development with our partners for unique customer environments such as found at global systems integrators, service providers and government agencies.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

18 of 19

NETWORK MANAGEMENT

TECHNICAL BRIEF

SUMMARY
The virtual enterprise has arrived. The key technology driving the changes in computing infrastructure is server virtualization. Two other trends amplify the value of virtualization: distributed component application stacks developed for the web and the transition of IT operations into a service provider. This is the Cloud computing model offering more flexibility to place data and applications anywhere in the network, anywhere in the world. Brocades CloudPlex architecture directly addresses the transitions in computing and application architecture with new network capabilities. We believe that fabrics, open systems and global reach, the three pillars of the CloudPlex architecture, are fundamental principles defining computing and networking in the 21st century. Virtual desktop infrastructure is growing with implementations both in private data centers and the public cloud. Key challenges include scaling the infrastructure, ensuring secure access, cost-effective mobility of user desktops and data between data centers anywhere in the world and handling the growth of devices using IPv6. VDI infrastructure is an excellent fit for the CloudPlex architecture as recognized by VMware and other partners who are actively working with Brocade to deliver tested, preconfigured Virtual Compute Blocks based on Brocades CloudPlex architecture.

2011 Brocade Communications Systems, Inc. All Rights Reserved. 07/11 GA-TB-393-00 R5 Brocade, the B-wing symbol, DCX, Fabric OS, and SAN Health are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, CloudPlex, MLX, VCS, VDX, and When the Mission Is Critical, the Network Is Brocade are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

Scalable Virtual Desktop Infrastructure Using Brocades CloudPlex Architecture

19 of 19