Technical Overview

This paper describes how Brocade's CloudPlex architecture enables large-scale deployment of virtual desktop infrastructure (VDI): tens of thousands of desktops on a global scale. It identifies the challenges in the data center, campus LAN and wide area networks that need to be considered, and reviews how key elements of the CloudPlex architecture, including fabrics, open systems and global reach, effectively meet these challenges.
NETWORK MANAGEMENT
TECHNICAL BRIEF
CONTENTS
The Importance of a Virtual Desktop
Challenges of Large Scale VDI Deployment
  Impact on the Data Center
  Impact on the Campus LAN
  Impact on the Wide Area Network
Brocade CloudPlex Architecture
  CloudPlex is Fabric-Based
  CloudPlex Is Open
    Virtual Compute Block
    OpenStack
    OpenFlow
  CloudPlex is Global
Applying the CloudPlex Architecture to Large-Scale VDI Deployment
  Brocade Virtual Cluster Switching
  Brocade Virtual Compute Blocks
VCB Integration with VMware View
  Pre-tested, Factory Integrated Components for Fast Time to Service
  Fabric-based Scale-out Architecture
Other Requirements for Large Scale VDI Deployments
  Integration with Campus LAN
  Integration with WAN
  Integration of Security Services
  Access Control and Transparent Support of IPv4 and IPv6 Devices
  Monitoring, Management and Traffic Analysis
  Scaling Out the VCB Solution for VMware View
Testing VCB for Scalability and Supportability
Summary
ports can move, and small layer 2 switching domains restrict virtual machine mobility, limiting its benefits. The advantages of virtual machine mobility apply to large-scale VDI deployments as well.

As more applications take advantage of server virtualization, both the IP network and storage networks need to provide more bandwidth to the server. With 10 or 20 applications running on a single server that used to host only one, the network bandwidth grows considerably. And, as connections are used to share both IP and storage traffic, logical isolation of traffic becomes important so issues with one type of traffic can't disrupt other types. This has driven higher bandwidth connections to servers and more bandwidth between network switches and routers. Quality of Service for both IP and storage networks has become much more common, as it provides the tools required for logical traffic isolation on a shared network.

One other area that has changed is the traffic patterns in the data center network. In the past, with many remote clients accessing an application on a single server, most network traffic was north-south, moving between the access layer, where the data center servers are, through an aggregation layer and then routing to the core and on to the campus LAN or WAN networks. Data center networks could have high oversubscription ratios across these three tiers (access, aggregation, and core). But today, with new Web 2.0 applications, server virtualization using live virtual machine migration and storage traffic running over the IP network, there is a lot of east-west traffic that must efficiently move across the layer 2 LAN network. This is driving changes in Ethernet, which is the primary layer 2 technology. Problems include Spanning Tree Protocol limitations on scalability and resiliency, static network policies that can't keep up with virtual machine migration, and the complexity of configuration and management as more layers and devices are added at layer 2.
Another important consideration is storage. Direct-attached storage captive inside the server is insufficient. For VDI, shared storage pools connected to a storage network are required, because the virtual machines that host the VDI environment need shared access to a common storage pool. Many storage features can be effectively leveraged to simplify operations and reduce cost, including thin provisioning, de-duplication, block level replication for cloning and disaster recovery, snapshot for on-line backup and duplication, and solid state disk for high performance.

Brocade has a long history in the storage market as a pioneer of Fibre Channel networking, the first scalable solution for shared storage. Today, Brocade's fabric technology is available and supported by all major storage vendors for every type of block access storage network protocol, including Fibre Channel, iSCSI and Fibre Channel over Ethernet (FCoE), as well as file accessed storage using NFS and CIFS. The Virtual Compute Block architecture discussed later is flexible and able to support all block storage and file access protocols. A single VCB configuration can incorporate one or more types of block storage and all storage vendor provided storage optimization features. Cost-effective solutions of VCB modules can be easily deployed side-by-side, or specific storage network protocols and storage arrays can be used in different environments to meet varying environmental, operational, performance and cost requirements.

Security is of course an important requirement, particularly in the network. Firewalls, load balancers, intrusion detection and protection, and virus detection are all critical elements of the network. With VDI, security must now extend to desktop application traffic, where previously that traffic never left the desktop or laptop computer. Therefore, security services have to scale to support much higher traffic rates. Higher performance and reliability are clearly important design requirements. Configuration of security policies must be consistent, and encryption services such as secure sockets layer (SSL) must be relied on to protect information flowing between thin clients and the applications hosted in the data center.
the power they need from the same Ethernet connection used to attach to the network. POE is common for Voice over IP (VoIP) environments to power telephone handsets and this same technology can be efficiently used for thin/zero clients reducing facilities costs.
Figure 1. Brocade's CloudPlex architecture for cloud computing

To address this transition, Brocade developed an architecture called CloudPlex. It is designed around three pillars necessary to make the transition from dedicated, static infrastructure captive to a single application or user, to a world of virtual computing dynamically assembled from loosely coupled virtualized resources, platforms and highly distributed application components.
CloudPlex is Fabric-Based
Fabric technologies, originally developed for FC SANs and now being brought to Ethernet, are the key to radically simplifying the network, improving scale, and optimizing resource utilization with virtual machines. Fabrics are a foundational element of highly virtualized and cloud networks. They take us back to what networking was supposed to be: a seamless entity for any-to-any communications. So what is driving the need? It is really very simple. Networking is designed to support business applications. When the applications change, the underlying network has to change. This is what is driving the evolution of the layer 2 network to fabrics technology.

Historically, applications have been written as monolithic programs connected to big compute nodes and attached to appropriately sized network and storage elements. Scaling relied on replacement of the server with a larger model. Applications were commonly deployed on dedicated servers, limiting flexibility while hindering maintenance and disaster recovery. Virtualization has altered that model by introducing an abstraction layer between the application and the underlying hardware. The application can move to whatever hardware platform has the best price/performance characteristics. This has become a compelling model for hardware resource management in the data center.

Ethernet Fabrics
Compared to classic hierarchical Ethernet architectures, Ethernet fabrics provide higher levels of performance, utilization, availability, and simplicity. They have the following characteristics at a minimum:
Flatter. Ethernet fabrics eliminate the need for Spanning Tree Protocol, while still being completely interoperable with existing Ethernet networks.
Flexible. Can be architected in any topology to best meet the needs of any variety of workloads.
Resilient. Multiple least cost paths are used for high performance and high reliability.
Elastic. Easily scales up and down at need.
More advanced Ethernet fabrics borrow further from Fibre Channel fabric constructs: they are self-forming and function as a single logical entity, in which all switches automatically know about each other and all connected physical and logical devices. Management can then be domain-based rather than device-based, and defined by policy rather than repetitive procedures. These features, along with virtualization-specific enhancements, make it easier to explicitly address the challenges of VM automation within the network, thereby facilitating better IT automation. Protocol convergence (e.g., Fibre Channel over Ethernet, or FCoE) may also be a feature, intended as a means of better bridging LAN and SAN traffic.
Another trend transforming application stacks is shown in Figure 2: applications are written in a much more modular way where individual components use the network to communicate with each other reliably with low latency. One example of this new model is having a web front-end, database tier and application tier all tied together with a middleware layer over a SOA bus. For this new application stack, low latency, resiliency and high availability are critical requirements of the network as a single component can support many applications so an outage of a single component can have wide ranging, negative effects.
Figure 2. Application stacks are becoming collections of distributed modular components

Using this application architecture, some of the supporting elements, like firewalls and intrusion detection and prevention systems (IDS/IPS), are being implemented inside virtual machines. So the modern application stack is becoming a collection of smaller components communicating with each other over a high speed, low-latency, and resilient network. With virtualization, the components themselves may move from server to server, optimizing service levels and utilization, reducing power and cooling costs while simplifying maintenance and disaster recovery.

The challenge is that the networks we've built over the past decade were not designed to efficiently support this new application stack. The limitations inherent in existing network designs are getting in the way, so network design has to change accordingly. One clear transition is industry recognition of the need for flatter, lossless and low latency networks. One way to achieve this is with an Ethernet fabric architecture, as a fabric provides exactly the qualities needed to address the challenge. With its fabric heritage, Brocade recognized early the advantages of bringing core fabric characteristics to Ethernet, and released its Ethernet fabric technology, called Virtual Cluster Switching (VCS), in 2010. VCS is discussed in more detail in the section titled "Brocade Virtual Cluster Switching."
CloudPlex Is Open
The second pillar is leveraging open interfaces and standards. The CloudPlex architecture promotes the combination of best of breed components, open routing, provisioning, and management interfaces. Open systems for networking create healthy competition, speed innovation, and ultimately result in faster customer adoption and better price efficiency. This has been true in computing and in application development, so clearly it's applicable to networking as well.
To enhance openness and interoperability, CloudPlex incorporates three components as shown in Figure 3.
Virtual Compute Block
A Virtual Compute Block (VCB) is Brocade's solution for facilitating the interconnection of Best-of-Breed Components into building blocks for scaling virtualization. VCB is part of our partner-based development initiative to design, test and pre-configure modular virtualization solutions. For example, we are working with hypervisor vendors and our partners to integrate their offerings using our VCB solution.

OpenStack
One of the tenets of cloud computing is data center wide orchestration of virtualized resources with just-in-time provisioning. In the past, network infrastructure provisioning and management frameworks were specific to the hardware vendor. Multiple frameworks were needed, each having limited interoperability with the other. Today, an organization called OpenStack.org has been started to address this problem. OpenStack is an interoperable set of management tools that make management of the network infrastructure transparent, avoiding lock-in of network devices with management functions. Therefore, OpenStack software is being integrated into cloud computing architectures used by many companies.

OpenFlow
OpenFlow is the emerging standard for software-defined networking that could provide improved optimization of network services in large-scale environments. The control plane becomes an open platform using standard APIs, so network services and optimized traffic policies can be integrated more quickly across multiple vendors' routers and switches. Service providers are adding cloud computing services to their offerings, and OpenFlow has drawn attention as an approach to solving a number of challenges in large-scale multi-tenant service environments such as the public cloud. Brocade has joined the OpenFlow community and is actively engaged in development of OpenFlow components and research projects.
CloudPlex is Global
One of the assumptions of the CloudPlex framework is that everything has to be considered in a global context. VMs and data can't just move across a couple of servers and storage arrays; they have to be capable of moving across the world. Users are becoming much more mobile. IT services aren't monolithic anymore and are distributed, so efficient, secure and cost-effective data center-to-data center connectivity is critical in a cloud computing architecture. No matter how fast networks get, there is delay caused by the finite speed of light when you separate users, applications, and data over distance. Optimizing the user experience is essential and requires the ability to move application execution and data closer to users whenever degraded user experience requires it. Efficiently and securely moving application components and data between data centers is important not only for disaster recovery but for cost-optimization by minimizing power and cooling surcharges and optimizing software license charges.
One other growing requirement of global access is the reality of limited availability of IP addresses worldwide. Today, the current IP addresses, IPv4, are no longer available for allocation from IANA, the central clearinghouse for IP address allocation. A new and vastly larger set of addresses, IPv6, is available and already being used in various industries, federal government agencies, and by Internet providers in some countries. However, Internet devices using IPv4 can't directly connect to devices using IPv6, as the IPv6 address structure is not backward compatible with IPv4. Solutions exist for Internet service providers and for enterprises and are integrated into the CloudPlex architecture.
Only Brocade VCS technology, backed by a heritage of proven fabric innovations, delivers IT agility and assures reliability, with a cost-effective point of entry to allow you to transition gracefully to elastic, highly automated, mission-critical networks in your virtualized data center. VCS technology is embedded in the Brocade VDX Data Center Switch portfolio. Brocade VDX Data Center Switches are available today to enable you to build Ethernet fabrics to support cloud-optimized networking and greater enterprise agility.
Figure 5. Virtual Compute Block Solution with VMware

The platform leverages the advantages of data and storage. A fabric is designed to address the stringent scalability, availability, resiliency and manageability requirements of virtualization. It is architected to exploit modularity for simpler management and much shorter time from purchase to deployment. Using the VCB solution, Brocade works with storage and server partners to quickly construct, test and validate modular compute blocks for server virtualization. These pre-built modules are designed to be orderable as a single unit ready for deployment, allowing customers to choose from several module configurations based on their virtualization requirements.

A unique capability of the VCB solution is built-in network scalability. This means customers can easily connect different VCB solutions together to quickly scale out their virtualization infrastructure. Key to this scale-out capability are the inherent properties of fabrics: multipath, resilient, flexible, lossless, low latency and scalable. Brocade's Virtual Compute Block solution is flexible. For instance, 1 GE or 10 GE ports for server access are provided on any port in the switch. Storage support includes Fibre Channel, iSCSI, Fibre Channel over Ethernet for block access and file-based access via CIFS and NAS.
Figure 7. Scaling Brocade VCB solution for VMware View

In this example using Dell Servers and iSCSI Storage, each VCB module consists of an integrated rack of servers and storage optimized for a particular number of VDI seats based on the compute and storage components used. Design considerations include number and type of CPU processor, memory, IO, storage array ports, spindles and LUN placement, and network connectivity to servers and storage. In this example, 1,000 seat VCB modules are shown. With VCB solutions, different size modules can be designed to fit within a rack optimized for the desired cost/performance metric. The modular architecture provides an extensible pool of compute, storage and Ethernet Fabric connectivity that simplifies scale-out by attaching multiple modules together via the VCS Ethernet Fabric.
The roadmap for VCS technology includes dynamic service insertion and support for layer 3 routing within the fabric. As shown in the right hand diagram of Figure 14, traffic is transparently rerouted within the VCS Ethernet Fabric to provide the appropriate security services. This allows a flatter core/edge network architecture instead of the classic three tier network. A flatter fabric network eliminates network devices reducing capital cost, simplifying configuration and management to lower operating costs.
Figure 9. Using an application delivery controller for IPv6-IPv4 NAT

A primary requirement for application delivery controllers, such as Brocade's ADX family, is getting remote users securely connected to their applications with minimal latency. Since user experience is largely measured by latency, fast access control and connection load balancing are needed. In addition, access control has to be resilient so upgrades and component failures do not disrupt traffic from user devices to applications.
Brocade fully supports an open management platform, sFlow, to provide these capabilities. sFlow is a packet sampling technology that can be implemented in a broad range of networking devices such as layer 2 switches, layer 4-7 application controller switches, and core routers. A primary goal of sFlow is to provide these services without degrading performance of network devices. This means sFlow can scale as link rates increase, as evidenced by its inclusion in Brocade's MLXe Routers with industry-leading 100 GbE connectivity. As shown in Figure 10, sFlow separates traffic sampling from traffic analysis. Packet sampling logic is embedded inside the data path of the network device, while traffic analysis is processed on a separate device, typically a server or server cluster. This architecture allows large scalability with real-time analysis.
Figure 10. sFlow architecture for Monitoring, Management and Traffic Analysis

For application environments such as VDI that require high availability from client device to data center server across the campus LAN and the WAN, scalable, real-time network monitoring ensures accurate metrics so proactive actions can be taken to ensure user experience. Further, sFlow-based traffic analysis improves planning and equipment utilization so potential network hot spots can be correlated with changes in VDI workload anywhere in the network. VM migration can then help rebalance network traffic as required, and capacity planning can support network upgrades where essential for maintaining user experience. Finally, sFlow tools are available from a number of vendors since sFlow has open interfaces.
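
The collector side of the split described above, as an added example that is not part of the original brief or Brocade's software: it parses sFlow version 5 flow samples, scales each sampled frame by its sampling rate, and flags ports whose estimated load exceeds a share of link capacity. The agent address, interface numbers, 10 Gb/s capacity and 80% threshold are assumptions, and the datagrams are constructed in the block itself.

```python
import ipaddress
import struct
from collections import defaultdict

FLOW_SAMPLE = 1        # sample tag: enterprise 0, format 1
RAW_PACKET_HEADER = 1  # flow record tag: enterprise 0, format 1


def build_datagram(agent_ip, seq, samples):
    """Constructed input: encode (ifindex, sampling_rate, frame_len) tuples as sFlow v5."""
    body = b""
    for n, (ifindex, rate, frame_len) in enumerate(samples, 1):
        sampled = b"\x00" * 16  # placeholder for the sampled packet header bytes
        # header_protocol=1 (Ethernet), frame_length, stripped, header_size
        record = struct.pack("!4I", 1, frame_len, 4, len(sampled)) + sampled
        record = struct.pack("!2I", RAW_PACKET_HEADER, len(record)) + record
        # sequence, source_id, sampling_rate, sample_pool, drops, input, output, records
        sample = struct.pack("!8I", n, ifindex, rate, n * rate, 0, ifindex, 0, 1) + record
        body += struct.pack("!2I", FLOW_SAMPLE, len(sample)) + sample
    agent = ipaddress.IPv4Address(agent_ip).packed
    # version 5, address type 1 (IPv4), agent, sub-agent, sequence, uptime ms, sample count
    return struct.pack("!2I4s4I", 5, 1, agent, 0, seq, 1000, len(samples)) + body


def parse_datagram(data):
    """Return [(agent, ifindex, sampling_rate, frame_length)] for each sampled packet."""
    try:
        version, addr_type = struct.unpack_from("!2I", data, 0)
        if version != 5 or addr_type not in (1, 2):
            raise ValueError("not an sFlow v5 datagram")
        addr_len = 4 if addr_type == 1 else 16
        agent = str(ipaddress.ip_address(data[8:8 + addr_len]))
        off = 8 + addr_len
        num_samples = struct.unpack_from("!4I", data, off)[3]
        off += 16
        out = []
        for _ in range(num_samples):
            tag, length = struct.unpack_from("!2I", data, off)
            off += 8
            end = off + length
            if end > len(data):
                raise ValueError("sample runs past end of datagram")
            if tag == FLOW_SAMPLE:
                fields = struct.unpack_from("!8I", data, off)
                ifindex, rate, records = fields[1] & 0xFFFFFF, fields[2], fields[7]
                roff = off + 32
                for _ in range(records):
                    rtag, rlen = struct.unpack_from("!2I", data, roff)
                    roff += 8
                    if roff + rlen > end:
                        raise ValueError("record runs past end of sample")
                    if rtag == RAW_PACKET_HEADER:
                        frame_len = struct.unpack_from("!2I", data, roff)[1]
                        out.append((agent, ifindex, rate, frame_len))
                    roff += rlen
            off = end  # other sample types (e.g. counters) are skipped
        return out
    except struct.error as exc:
        raise ValueError("truncated sFlow datagram") from exc


def estimate_link_load(datagrams, interval_s):
    """Scale samples up: one sampled frame stands for sampling_rate frames on the wire."""
    est_bytes = defaultdict(int)
    for datagram in datagrams:
        for agent, ifindex, rate, frame_len in parse_datagram(datagram):
            est_bytes[(agent, ifindex)] += frame_len * rate
    return {port: total * 8 / interval_s for port, total in est_bytes.items()}


def hot_spots(load_bps, capacity_bps, threshold=0.8):
    """Ports whose estimated load exceeds the given share of link capacity."""
    return sorted(p for p, bps in load_bps.items() if bps > threshold * capacity_bps)


def demo():
    # Constructed one-second window: 400 samples on port 3, 20 samples on port 7.
    dgs = [build_datagram("10.0.0.1", i, [(3, 2048, 1500)] * 10) for i in range(40)]
    dgs += [build_datagram("10.0.0.1", 40 + i, [(7, 2048, 1500)] * 10) for i in range(2)]
    load = estimate_link_load(dgs, interval_s=1.0)
    return load, hot_spots(load, capacity_bps=10e9)


if __name__ == "__main__":
    print(demo())
```

Because the estimate is built from samples, it is a statistical figure whose accuracy improves with the number of samples in the window, so short windows on lightly loaded ports should not drive alerts.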
Figure 11. VCB solution for 5,000 seat VMware View Pod configuration

The VCS Ethernet Fabric connects multiple modules together, forming a management Pod, and directly attaches a Pod to the network core for a flatter network. The core connections use Brocade's multi-chassis trunking (MCT) in the core routers with VCS vLAG connections in the Ethernet Fabric to provide resiliency and high availability. Brocade VCS vLAG links leverage 10 GE connections on the VDX switches to eliminate bottlenecks for traffic flowing to the core. And, vLAG links can connect to multiple VDX switches for improved resiliency and availability. Optionally, an aggregation layer can be added between the VCS Ethernet Fabric and the core if a traditional three tier architecture is desired. Security services (intrusion detection/prevention, active directory services, etc.) can be integrated with each Module. Adding a Brocade ADX application delivery controller at the core provides IPv6 translation services for seamless integration of IPv6 and IPv4 traffic while providing load balancing for firewall services.
Between VDX switches, Brocade ISL Trunks (B-ISLT) automatically form highly efficient layer 2 trunks as soon as cables are connected between switches. The B-ISLT is highly efficient for east-west traffic using 10 GE links with up to eight links per trunk. Revolutionary frame striping across the physical links delivers near perfect load balancing with very low latency not available in traditional LAG solutions. Built-in ECMP services in the Ethernet Fabric automatically optimize traffic flows, utilizing all available shortest paths in the fabric for load balancing with resiliency. As shown in Figure 12, multiple 5,000 seat VMware View Pods can be used to construct very large-scale configurations, into the tens of thousands of seats in a single location if necessary.
SUMMARY
The virtual enterprise has arrived. The key technology driving the changes in computing infrastructure is server virtualization. Two other trends amplify the value of virtualization: distributed component application stacks developed for the web and the transition of IT operations into a service provider. This is the Cloud computing model, offering more flexibility to place data and applications anywhere in the network, anywhere in the world.

Brocade's CloudPlex architecture directly addresses the transitions in computing and application architecture with new network capabilities. We believe that fabrics, open systems and global reach, the three pillars of the CloudPlex architecture, are fundamental principles defining computing and networking in the 21st century.

Virtual desktop infrastructure is growing, with implementations both in private data centers and the public cloud. Key challenges include scaling the infrastructure, ensuring secure access, cost-effective mobility of user desktops and data between data centers anywhere in the world, and handling the growth of devices using IPv6. VDI infrastructure is an excellent fit for the CloudPlex architecture, as recognized by VMware and other partners who are actively working with Brocade to deliver tested, preconfigured Virtual Compute Blocks based on Brocade's CloudPlex architecture.
2011 Brocade Communications Systems, Inc. All Rights Reserved. 07/11 GA-TB-393-00 R5 Brocade, the B-wing symbol, DCX, Fabric OS, and SAN Health are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, CloudPlex, MLX, VCS, VDX, and When the Mission Is Critical, the Network Is Brocade are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.