White Paper
Secure Multi-Tenancy
with NetApp, Cisco, and VMware
By Mark Bowker and Terri McClure
April, 2010
This ESG White Paper was commissioned by NetApp and is distributed under license from ESG.
© 2010, Enterprise Strategy Group, Inc. All Rights Reserved.
Contents
A Secure, Virtualized Data Center
A New Consumption Model
NetApp, Cisco, and VMware Secure Multi-Tenancy
All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of the Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at (508) 482-0188.
Recognizing the value of virtualization, organizations are looking to expand on their early success. Consolidation, data protection, business continuity, and improved operational processes are all top of mind for these organizations as both the reasons to virtualize and to meet application delivery requirements. The good news for customers is that NetApp, Cisco, and VMware all have existing solutions that deliver in these areas. When these solutions are integrated into one unit, customers benefit from simplified access and accelerated deployment with large-scale solutions that will further their virtualization objectives.
Source: ESG Research Report, 2010 IT Spending Intentions Survey, January 2010. Unless otherwise cited, all statistics come from this report.
As Figure 2 demonstrates, consolidation remains a primary reason for server virtualization: 48% of organizations cited consolidating more physical servers onto virtualization platforms as a top initiative. In addition, 37% put improving backup and recovery of virtual machines near the top of the list. Consolidation is efficient, but it can complicate backup. Most backup/recovery applications were built for a single host, not multiple virtual machines, on one piece of hardware. Strides have been made, but virtual machine backup and recovery remain challenging. Also, 36% of organizations say they want to expand the number of applications running on virtual machines, indicating that they are pleased with the results so far and want to broaden deployment to increase the benefits. Tier 1 applications are next on the list, though they are viewed with some trepidation.
Figure 2. Top Server Virtualization Initiatives in 2010
Which of the following would you consider to be your organization's top server virtualization initiatives for 2010? (Percent of respondents, N=345, five responses accepted)
Consolidate more physical servers onto virtualization platforms: 48%
Improve backup and recovery of virtual machines: 37%
Expand number of applications running on virtual machines: 36%
Make use of virtual machine replication for disaster recovery: 32%
Increase security of virtual server environment: 23%
Improve operational processes for managing virtual environments: 21%
Move more applications from test/development to production environment: 21%
Deploy a storage virtualization solution to support virtual server environment: 18%
Implement virtual machine mobility / HA (high availability) functionality: 18%
Integrate virtual environments into existing management software frameworks: 15%
Purchase third-party management software for virtual environments: 9%
Evaluate alternative hypervisor solutions/vendors: 8%
Figure 3. Business Initiatives Expected to Have the Greatest Impact on Spending Decisions
Which of the following business initiatives do you believe will have the greatest impact on your organization's IT spending decisions over the next 12-18 months? (Percent of respondents)
[Bar chart, series 2009 (N=492) and 2010 (N=515); categories: Cost reduction initiatives; Regulatory compliance; Business growth via mergers, acquisitions, or organic expansion; Improved business intelligence and delivery of real-time business information; Green initiatives related to energy efficiency and/or reducing company-wide environmental impact; Research and development innovation/improvement; International expansion; New collaborative tools and business processes utilizing Web 2.0 technologies such as blogs, wikis, social networking services, etc.]
Cisco
Cisco's contribution includes the Unified Computing architecture, unified fabric, and the Nexus series of data center class switches. The Unified Computing System (UCS) seamlessly integrates with Cisco's Nexus series of switches. Because applications can be deployed in minutes, the UCS provides flexibility and agility for the business. The Unified Computing architecture combines compute, network, and storage access, as well as virtualization, into a scalable, modular system that is centrally managed by the Cisco UCS manager, keeping both acquisition and management costs low.
Cisco's unified fabric consolidates network traffic into a single, general-purpose, high-performance, highly available 10 Gb Ethernet network. Instead of having to run parallel networks for data, storage, server clustering, and management, this unified fabric simplifies network infrastructure and reduces costs. Its intelligence enables it to deliver a higher level of performance while guaranteeing both isolation and security of user and data traffic.
The Cisco Nexus 1000V Series switches provide intelligent software switching for VMware vSphere environments. These virtual switches operate inside the VMware ESX hypervisor and support VN-Link server virtualization technology, which provides policy-based virtual machine connectivity and mobile VM security and network policy. In addition, Nexus 2000, 5000, and 7000 Series data center switches deliver advanced capabilities with end-to-end security for all network traffic. Cisco TrustSec creates role-based security including secure access control, a converged policy framework, and pervasive integrity and confidentiality.
NetApp
In the storage layer, NetApp unified storage with MultiStore technology is the security foundation. MultiStore, introduced several years ago as a pioneering solution for securing shared storage, allows IT to create completely isolated logical partitions on a NetApp storage system. These discrete administrative domains, called virtual storage controllers, make a single physical storage controller look like many logical controllers. Each virtual storage controller can be individually managed with its own performance and policy characteristics. MultiStore scales easily and non-disruptively migrates virtual storage controllers across physical resources to aid in both scalability and high-availability. By virtualizing storage controllers, MultiStore enables rapid provisioning and the ability to deploy virtual storage controllers based on workload requirements even as they change. The result is complete security in a shared environment that does not hinder growth or inhibit adjustment.
VMware
VMware vSphere provides the platform for infrastructure virtualization, offering centralized tools for monitoring and management across the virtual infrastructure, including role-based access and privileges, audit trail of configuration changes and reports, and real-time performance monitoring and analysis. The vCenter server manages all physical hosts and virtual machines centrally for better control and simpler, less costly management in a dynamic, multi-tenant environment.
The vNetwork Distributed Switch maintains a network runtime state for virtual machines as they move between hosts, providing a framework for monitoring and maintaining virtual machine security during movement between physical machines. The switch also extends familiar network features and controls to virtual networks and enables integration with the Cisco Nexus 1000V. In-line monitoring and centralized firewall services add to the system's high security.
VMware's vShield Zones takes advantage of ESX host proximity and virtual network visibility to create security zones. These virtual appliances reside on each vSphere host and use virtual inventory details regarding vNICs, portgroups, clusters, and zones to simplify firewall rule management and trusted zone provisioning. Logical zones span all physical resources of the virtual server layer, maintaining the levels of trust, privacy, and confidentiality needed in a multi-tenant environment. With vShield Zones, administrators have better visibility into network activity and have the ability to provide and enforce the required levels of isolation and compliance for each tenant in a shared infrastructure.
Consolidation and sharing of services creates efficiency, which never goes out of style regardless of economic climate. This type of service-oriented architecture helps IT deliver on budgeting and cost control initiatives as well. It reduces the costs of both equipment and management as resources are shared and managed centrally. In addition, it enables usage tracking and the ability to implement departmental chargeback if desired, creating an activity-based cost structure. This also delivers a deeper understanding for business managers in terms of exactly what infrastructure services cost per application or activity, knowledge that can be used going forward to streamline activities. With 54% of respondents to a recent ESG survey reporting operational cost reduction as a top business initiative, this is an important feature. Security has historically been an important IT initiative, but with converged infrastructure, business managers often take a keener interest. Adequate safeguards must be built in and enterprise-wide policies adhered to, as always. This is more important as concerns arise about separation and isolation between internal departments.
Service Providers
Secure multi-tenancy is extremely valuable for third-party infrastructure service providers. In a service provider's data center, multiple companies will share data services on the same infrastructure; multi-tenant security across the infrastructure stack becomes absolutely critical. The full confidence that a system such as the solution offered by NetApp, Cisco, and VMware provides through complete isolation and security is paramount. This converged infrastructure allows service providers to make right-sized capital expenditures rather than building for the worst-case scenario. Efficient management and automation are top priorities for service providers building an IaaS offering, as their business model depends on delivering services while keeping costs down.
Deployment speed and the ability to fulfill requests quickly are equally important. Capacity-on-demand must be immediately deliverable where multiple workloads owned by different companies share the same infrastructure; one customer's needs cannot interfere with another customer's ability to grow. The business depends on guaranteeing performance, availability, and security to customers as well as auditability for compliance. Application owners must be able to count on service levels, and consumption of resources must be transparent. The NetApp/Cisco/VMware solution offers all of that. NetApp storage delivers efficient capacity utilization, with MultiStore creating secure logical partitions for data segmentation. By adding logical resources encapsulated in virtual storage controllers, MultiStore enables cost-effective scaling both horizontally and vertically. Different storage systems are not needed to accommodate different protocols, as NetApp offers unified block and file storage connectivity in a single system. High availability and disaster recovery are built in; RAID-DP (double parity) protects against dual disk failure while Snapshot capabilities protect against accidental deletion or corruption of data with fast restore and rollback. SnapMirror provides data replication for offsite backup and archiving. SnapDrive technology extends control of Snapshot and SnapMirror capabilities to each individual tenant's host administrators as well. Storage availability becomes particularly important in a consolidated/shared environment as applications and operations rely on fewer physical resources. Losing access to a single physical storage system could take down a number of virtual machines and associated applications.
High-availability configurations can minimize disruption and reduce risk of downtime from operator errors while active-active controller configurations enable failover in case of lost access to a storage controller or to prevent downtime for maintenance and upgrades. VMware and Cisco add their own security and high-availability features, many of which have been discussed. In addition, they are working towards the ability to federate between local data centers and service providers, increasing the value of provider services for business owners. Further convergence of the network infrastructure, particularly with Fibre Channel over Ethernet, will continue to streamline and simplify network access. This secure multi-tenancy solution lets service providers offer rapid provisioning as well as decommissioning of resources to customers, making them valuable partners in IT delivery.