26601 Agoura Road, Calabasas, CA 91302 | Tel: 818.871.1800 | Fax: 818.871.1805 | www.ixiacom.com | 915-2950-01 Rev A August 2011
Contents
Cloud Services
Data Center Trends
Virtual Desktop Infrastructure
Testing the Cloud
Security Testing
Conclusion
What is the cloud? The details are still evolving, but for most enterprises the cloud is a
set of services, data, resources, and networks located elsewhere. This contrasts with
the historical centralized data center model where enterprises purchased, configured,
deployed, and maintained their own servers, storage, networks, and infrastructures.
Cloud Services
The resources of the cloud, while owned and maintained by a cloud service provider,
are often borrowed by the enterprise. There are three acknowledged types of service
offerings:
Infrastructure-as-a-Service: as offered by VMware, Citrix, Dell, HP, IBM, Cisco, F5, Juniper, and
others. These companies offer the building blocks of cloud services that are available through a
number of cloud hosting services such as Amazon's Elastic Computing Cloud (EC2). They include a
virtualization layer, database, web, and application servers, firewalls, server load balancers,
WAN optimizers, routers, and switches.
[Figure: cloud service layers. Software-as-a-Service: SalesForce.com, Google Apps, Work Day, Taleo, Oracle.com, RightNow, SAP, Netsuite, Webex, IBM Lotus, Facebook. Platform-as-a-Service: Azure, Google AppEngine, Force.com, Heroku, Sun. Infrastructure-as-a-Service: virtualization layer, infrastructure software/OS, servers (DB, web, app).]
Why have major applications and web sites moved to the cloud? One of the biggest
reasons is the widespread availability of broadband networks such as 10 Gigabit Ethernet
(GE) that connect the enterprise with cloud providers' sites. Broadband to the home
has created an expectation of flawless delivery for bandwidth-hungry, high resolution
content which is better served by distributed cloud providers that own higher bandwidth
connections and more storage. The use of a cloud-based infrastructure means there is
no local infrastructure to purchase, manage, secure, or upgrade. Rather than attempting
to estimate peak and growth data center usage, enterprises can adopt a pay-as-you-go
structure, paying for only what they use.
Cloud elasticity, scalability, and performance are perhaps the most compelling reasons to adopt a
cloud strategy. Computing, storage, and network resources are easily and quickly deployed using
cloud providers, allowing an enterprise's internal applications and/or external web site elastic
adaptation to demand. This elasticity also provides the means of scaling to any size desired, and
to match performance requirements and ensure customer SLAs are maintained and end user
experience unaffected during peak utilization.
Some cloud service providers offer access control and encryption services that enable
the safe storage of sensitive company and customer data. Such services are often more
secure than those available with local IT staff and facilities.
Data Center Trends
The key technological advance that makes cloud computing financially viable is server
virtualization: the ability to run many virtual machines, each with its own resources, on a
single, powerful host. Host systems typically use powerful processing blades that contain,
or are attached to, substantial storage and network resources.
Running multiple applications and operating systems on a single server greatly increases
server utilization, averaging-out server load. This, in turn, leads to greater reduction in the
number of servers that enterprises must purchase, deploy, operate, maintain, power, cool,
and house.
Once applications are configured to run on virtual machines that share server blades,
they achieve a level of portability that enables flexibility, scalability, and performance
guarantees. Better network responsiveness is achieved when applications that regularly
communicate with each other run on the same server.
Throughout the world, private companies and government agencies are increasing the rate
at which they use server virtualization. As reported by Network World, Gartner expects
the share of server workloads being run on virtualized servers to grow from 18 percent
in October of 2009 to 28 percent in 2010 to nearly 50 percent by 2012.
Server Consolidation
Recently, the U.S. federal government announced one of the largest data center
consolidation projects in history, in which more than 1,100 data centers across the United
States will be consolidated into a smaller number of much larger data centers. Leading
corporations such as HP and Intel are also undertaking massive data center consolidation.
For example, HP is consolidating 85 data centers into 6, and Intel, 133 data centers to 8
new, highly-dense data centers.
Server consolidation enables more flexible and efficient allocation of server resources,
and reduces the need for floor space, electricity, and cooling. Efficiency is particularly
important in light of imminent government regulation. According to SPECpower, a server
must be loaded at 60% or more to be declared green.
using virtualization technologies can generate tens of gigabits per second of data. That
means that the network infrastructure must be upgraded to accommodate a much higher
level of I/O performance.
Network Convergence
[Figure: network convergence. Labels: FC HBA, CNA, FC traffic, Enet traffic, IPC traffic, all traffic over 10GE; server networking, storage, clustering; TCP/IP, UDP, SCSI FCP, FICON, iWarp; Enhanced Ethernet NIC, Enhanced Ethernet fabric.]
PCoIP: allows all enterprise desktops to be centrally located and managed in the data
center, while providing a robust user experience for remote users.
Remote desktop protocol (RDP): a Microsoft proprietary protocol which is an extension
of the ITU-T T.128 application sharing protocol, allowing a user to graphically interface with
another computer.
Citrix independent computing architecture (ICA): a Citrix proprietary protocol that is a
platform-independent means of exchanging data between servers and clients.
Network performance is a key factor here. As described in a posting on the Citrix Blog,
Table 1 estimates the amount of bandwidth that might be used by XenDesktop users. It
doesn't require many users to hit tens of Mbps.
Activity | XenDesktop Bandwidth
Office | 43 Kbps
Internet | 85 Kbps
Printing | 573 Kbps
Flash Video | 174 Kbps
 | 464 Kbps
 | 1812 Kbps
Routers
Storage systems
Virtual hosts
Firewalls
VPN gateways
Routers
Each of the networking components used within the data center must be thoroughly
tested for conformance to standards, functionality, interoperability, performance, and
security before deployment. This type of testing is the bread and butter of network testing
companies such as Ixia.
Ixia's test solutions cover the wide range of data center network testing. Ixia's chassis
house up to 12 interface cards, which include Ethernet speeds from 10Mbps to 100Gbps;
high-density solutions for 1Gbps and 10Gbps are available. Direct fibre channel interfaces
are used for storage area network (SAN) testing. Each test port is backed by substantial
special-purpose traffic generation hardware, and substantial compute power and memory.
Ixia test ports are programmed and used for specific areas of testing by Ixia test
applications, principally:
IxNetwork tests routers and switches and other layer 2/3 network devices. Routers
are tested through the use of emulation; an environment of tens to thousands of
routers can be created and attached to the device under test (DUT). Both switches and
routers are tested through line-rate, complex traffic on multiple ports.
IxNetwork has special support for DCB protocols associated with FCoE switches and
CNAs that bridge the gap between fibre channel storage arrays and FCoE/Ethernet
networks.
IxLoad tests application-layer devices such as web servers and application delivery
controllers. These devices are likewise tested through emulation of end-users of web,
data, voice, and video services. Subscriber communities in the tens of thousands are
emulated, generating large volumes of requests against Internet services. Web servers
and other services are emulated as well, allowing tests of the routers, switches, and
other devices that transmit and shape traffic.
Application delivery controllers are an important component of the modern cloud
data center. Using deep packet inspection, they look at every bit of application layer
traffic in order to classify and prioritize traffic. Full, stateful emulation of end-user
application usage is required to test them.
Storage systems
These system-level components are critical to the basic operation of the data center. Their
performance and capacity must be carefully measured to determine the overall capacity
of the cloud data center. Performance measurements of these application services are
communicated through key performance indicators (KPIs). Some of the KPIs for standard
services are shown in the following table.
[Table: key performance indicators. Columns: Traffic Type, Application, Key Performance Indicators.]
Traffic types listed: Data Services, Internet.
Applications listed: HTTP, FTP, E-mail, Streaming video, VoIP; Oracle, SQL, MAPI, Printing; CIFS, NFS, iSCSI, SCSI, FCoE.
Key performance indicators listed: number of users, connections per second, transactions per second, number of concurrent connections, throughput, end-user QoE, server utilization; read/write rate, I/O rate, transaction latency, throughput, server utilization.
Quality of experience (QoE), delivering services that are perceived as error-free by the
customer, is the key goal for multiplay network devices. The individual attributes that
contribute to QoE differ by service type:
Video services require a steady stream of high-bandwidth traffic, and are severely
impacted by packet reordering or loss.
Data services are often delivered with best efforts and are relatively insensitive to
network impairments, but can require large amounts of bandwidth.
Emulation is likewise the key to testing system components, with IxLoad as the principal
Ixia product used in these measurements.
[Figure labels: Peer-to-Peer, Internet, Voice, IPTV & Video]
Figure 4: IxLoad Simulates Voice, Video, and Data Services to Verify Performance
[Figure: physical servers, server virtualization, virtual machines.]
The virtualized environment moves the power of performance measurement from the pre-deployment
lab to the live network. Virtual environments can be created for the express
purpose of measuring the performance of a live, configured network without requiring any
downtime. A number of critical measurements are possible when using IxLoad-VM:
Measurement of KPIs when clients and servers are located on the same physical
host. This eliminates the overhead associated with external networks and allows
measurement of virtual switch latency and throughput.
Measurement of KPIs when clients and servers reside on different virtual hosts in
the live data center. This permits direct measurement of the latency, throughput, and
responsiveness of the data center's network.
The performance of storage systems, whether fibre channel systems directly connected
to servers' host bus adapters using fibre channel, or connected through CNAs to FCoE
switches, is critical to cloud performance. An additional IxLoad plug-in is designed for
this purpose:
Virtual desktop servers require a different technique. The operation of such servers is
determined by the tasks performed by the virtual desktop clients. In order to test the
performance and capacity of such servers, an enterprise-specific set of functions must be
generated. This type of testing can be performed using:
IxLoad-VDI: a scalable VDI solution that is used to assess service delivery network
performance and server capacity. IxLoad-VDI interfaces with target platforms from
VMware, Microsoft, and Citrix. A set of customizable workload scripts is used to
emulate users. During the testing process, end-user transaction and server-side
latencies are measured along with server performance metrics that validate capacity:
free memory, CPU utilization, and I/O counters.
Virtual hosts
Performance measurement is accomplished through the use of end-user and traffic emulation,
which exercises applications and data center infrastructures.
[Table: Service Type. Entries listed: Service availability; Application QoE; Transaction latency; Transaction rate and throughput; I/O rate and latency; Elasticity; Scalability; Fail-over time; Data/storage replication switch-over time; Uptime and QoE impact during VM migration.]
IxLoad: using traffic that originates at a customer's site or within the data
center. Using Ixia hardware interfaces, any volume of traffic can be generated and
measured.
IxLoad-VM: using traffic that originates within virtual machines in the data
center.
IxLoad-VDI: using traffic that originates within virtual desktop servers in the
data center.
IxLoad-I/O: generating direct server to storage traffic from within a server VM.
Emulated east-west traffic, in particular, when used with a diverse set of applications can
be very effective in measurement of server capacity and cloud infrastructure scalability. It
can also be used to validate the data integrity of transactions. Each type of application and
infrastructure traffic comes with its own KPIs.
[Figure: data center traffic flows. Internet browsing: north-south client-server / south-north server-client traffic flows. East-west HTTP server-server traffic flows, with live VM migrating between servers. IP-based storage requests and retrieval: east-west server-storage / storage-server traffic flows.]
Security Testing
Network security in a cloud environment is particularly important. Classical data centers
can secure their facilities through the front door that connected them to the Internet or
other corporate sites. Not so in a cloud environment. Each cloud computing and storage
component can be located at a different physical location and connected over the Internet
or private networks. Each of the connections is a potential security risk.
A number of dedicated security appliances are in widespread use, protecting enterprises
and data centers worldwide. The culmination of the development of these devices is
the unified threat management (UTM) system that encompasses the roles of firewalls,
intrusion prevention systems, anti-virus, anti-spam, and data loss prevention.
Virtual security applications are becoming widespread in the cloud environment. These
software-only, VM-aware implementations of security functions are distributed between
components of cloud applications. They serve to protect each component from other
traffic on shared networks and other VMs on virtualized servers.
Regardless of whether they are physical or virtual and where they are placed in the data
center, security mechanisms must be tested thoroughly in three dimensions:
The last category is extremely important. Security devices have a difficult job to do:
watching all traffic on high speed links, inspecting for malware, fending off denial of
service attacks, etc. They must be able to find and prevent attacks when processing large
amounts of traffic. Likewise, they must pass an acceptable amount of normal traffic
when under heavy attack. A security device that cannot prevent penetration when under
full load is easily defeated. A security device that blocks critical business applications
when under attack has effectively been defeated.
Testing of network security devices requires a number of techniques, which will be
discussed in the next few sections:
Encrypted traffic
background of real-world multiplay traffic. That is, a mix of voice, video, data, and other
services that constitute normal traffic should be applied to the DUT such that the sum of
the malicious and normal traffic is the maximum for the device's interfaces.
The QoE for each of the normal services must be measured to ensure that end users'
satisfaction will not be sacrificed. For example, VoIP requires very little bandwidth, but
latency and jitter impairments are immediately heard by the human ear.
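
The pass criteria described in this section can be written down as a small result evaluator. This is an added example, not code from the white paper or from any Ixia product: it sizes a traffic mix so malicious plus normal load equals the interface maximum, then flags the two defeat conditions named above plus degraded VoIP QoE. The field names, thresholds, and sample results are assumptions constructed for illustration.

```python
# Added example: field names, thresholds and sample numbers are assumptions.
from dataclasses import dataclass

def plan_mix(line_rate_mbps, attack_share, service_weights):
    """Offered load per stream so malicious + normal equals the interface maximum."""
    if not 0 <= attack_share < 1:
        raise ValueError("attack_share must be in [0, 1)")
    normal = line_rate_mbps * (1 - attack_share)
    total = sum(service_weights.values())
    plan = {name: normal * w / total for name, w in service_weights.items()}
    plan["malicious"] = line_rate_mbps * attack_share
    return plan

def rfc3550_jitter(transit_ms):
    """Running interarrival jitter as defined in RFC 3550: J += (|D| - J) / 16."""
    jitter = 0.0
    for prev, cur in zip(transit_ms, transit_ms[1:]):
        jitter += (abs(cur - prev) - jitter) / 16
    return jitter

@dataclass
class StepResult:
    attacks_sent: int
    attacks_blocked: int
    normal_offered_mbps: float
    normal_delivered_mbps: float
    voip_transit_ms: list  # one-way transit time of each VoIP packet

# Assumed pass criteria; replace with the limits from your own SLA.
MIN_BLOCK_RATE = 1.0         # every known attack must be stopped
MIN_NORMAL_DELIVERY = 0.95   # share of normal traffic that must get through
MAX_VOIP_LATENCY_MS = 150.0
MAX_VOIP_JITTER_MS = 30.0

def evaluate(step):
    """Return the failure modes seen in one load step (empty list means pass)."""
    failures = []
    blocked = step.attacks_blocked / step.attacks_sent if step.attacks_sent else 1.0
    if blocked < MIN_BLOCK_RATE:
        failures.append("penetrated under load")
    if step.normal_delivered_mbps < MIN_NORMAL_DELIVERY * step.normal_offered_mbps:
        failures.append("normal traffic blocked under attack")
    if (max(step.voip_transit_ms, default=0.0) > MAX_VOIP_LATENCY_MS
            or rfc3550_jitter(step.voip_transit_ms) > MAX_VOIP_JITTER_MS):
        failures.append("VoIP QoE degraded")
    return failures

# Constructed results for three devices tested at 10GE with 20% attack traffic.
SAMPLES = {
    "holds": StepResult(500, 500, 8000, 7900, [20.0, 21.0, 20.5, 22.0]),
    "leaks": StepResult(500, 480, 8000, 7900, [20.0, 21.0, 20.5, 22.0]),
    "chokes": StepResult(500, 500, 8000, 5200, [20.0, 90.0, 25.0, 170.0]),
}

if __name__ == "__main__":
    print(plan_mix(10_000, 0.2, {"voice": 1, "video": 5, "data": 4}))
    for name, step in SAMPLES.items():
        print(name, evaluate(step) or "pass")
```

A device passes only when `evaluate` returns an empty list at every load step, including the step where the mix fills the interface.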
Encrypted Traffic
As enterprises move to connect their multiple sites and mobile and remote users together
into a corporate virtual private network (VPN), data encryption is becoming increasingly
important. Data encryption ensures both privacy and authentication of the sending party
through the use of certificates and other techniques.
The process of establishing an encrypted link, and then subsequent encryption and
decryption can be a significant load for a security device. It is essential that a realistic
mix of encrypted traffic be mixed with clear traffic during performance testing. The rate
at which encrypted connections can be established is particularly important, representing
how quickly a network can resume normal operation after an outage.
Proper security testing requires that a number of known vulnerabilities be applied to
security devices at a significant percentage of line-rate.
Conclusion
Testing of cloud components and systems requires a variety of techniques, some
standard and some new. The very thing that makes cloud computing so attractive,
virtualization, poses an interesting challenge for network and application testing.
Virtualization of the test tools themselves provides the key to testing the cloud.
White Paper
This material is for informational purposes only and subject to change without notice. It describes Ixia's present plans
to develop and make available to its customers certain products, features, and functionality. Ixia is only obligated to
provide those deliverables specifically included in a written agreement between Ixia and the customer.