IT operations managers face escalating server and storage needs as a result of the continued rapid growth in applications and data. This growth is far outpacing the capabilities of data center budgets, facilities, and administration resources. To address these challenges, the IT organizations of many enterprises and service providers are adopting consolidation and virtualization strategies for server, storage, and network resources in an attempt to improve utilization and better control costs.
Until now, these efforts have been planned and administered in separate technology domains, individually by the server, storage, and network teams, even though applications themselves use a combination of all three resources. Treating server, storage, and network infrastructures as separate domains requires constant manual configuration and realignment among the three, leading to long lead times for application provisioning, scaling, and recovery. Furthermore, as the number of managed networked entities continues to grow and as more of these resources are virtualized, the act of connecting computing, storage, and network services in a secure and repeatable fashion becomes increasingly complex, costly, and unmanageable, eliminating much of the benefit initially realized from virtualization. Until there is a better way to achieve alignment across these technology domains, server, storage, and network managers will continue to face the following data center realities:
• Inability to quickly provision new applications because of the siloed, uncoordinated nature of data center operations
• Insufficient flexibility to keep pace with increasingly dynamic business requirements as the rate of application change accelerates
• Proliferation and low utilization of resources caused by the static and rigid mapping of applications to infrastructure elements
• Long failure recovery times unless costly redundant systems and break-fix support agreements are implemented
To address these challenges, proactive, coordinated provisioning and reuse of physical and virtualized infrastructure resources are needed. A solution with these features would provide a common way to allocate resources to applications based on operational best practices and business priorities and would dramatically improve both initial provisioning and modification or recovery of existing applications in response to changing requirements and events.
Cisco® is helping customers move toward a service-oriented infrastructure (SOI) by providing the network fabric and network services across which shared physical and virtual resources can be aggregated, secured, and dynamically delivered as services.
Recognizing the need for coordinated provisioning and orchestration of these networked resources as services, Cisco is working to help IT organizations address these requirements and advance the data center infrastructure.
Introducing Cisco VFrame Data Center
Cisco VFrame Data Center (DC) 1.1 is a service orchestration solution that enables the coordinated provisioning and reuse of physical and virtualized computing, storage, and network resources from shared pools, using the network to help ensure that applications are dynamically supported throughout the infrastructure.
The industry's first service orchestration solution to use the ubiquity of the network, Cisco VFrame DC can achieve cross-technology orchestration, helping customers progress further toward an SOI. Cisco VFrame DC provides a wide range of benefits, including lower costs, greater IT agility, and better business responsiveness.
• Operational cost savings: Cisco VFrame DC lowers overall data center operating costs by making the process of provisioning and changing infrastructure configurations more efficient. Cisco VFrame DC accelerates or automates many of the mundane, time-consuming tasks for server, storage, and network administrators, such as allocation of server OS loads, Fibre Channel zoning, and VLAN and virtual storage area network (VSAN) configuration. Cisco VFrame DC also reduces costs associated with deploying redundant systems or break-fix support agreements by helping IT rapidly recover from disruptions and reprovision a failed service from a cost-effective shared resource pool.
• Faster and simpler service orchestration: Cisco VFrame DC speeds up new application provisioning as well as application reconfiguration and scaling. By providing a single tool for proactively planning and orchestrating the creation and management of development, testing, and deployment environments, Cisco VFrame DC helps enable faster application time-to-market, simpler infrastructure repurposing, and streamlined IT collaboration.
• Robust virtualization scale-out: Cisco VFrame DC helps ensure that production applications can be deployed or migrated across virtualized infrastructures without sacrificing security, reliability, or performance. Cisco VFrame DC helps customers dynamically align the necessary network configurations and services to proliferating virtual machines so that applications deployed on a virtualized infrastructure experience the same protection, reliability, and service levels as applications deployed on traditional physical infrastructures.
A network-driven approach to service orchestration offers exceptional visibility and control across all heterogeneous networked data center infrastructure resources. The data center network provides a platform for the orchestrated provisioning of both physical and virtualized resources and allows a wire-once approach that reduces manual intervention and increases flexibility across all technology domains. A network-based approach offers:
• SOI visibility: Provides visibility into and access to all networked data center resources and services for discovery, provisioning, and configuration
• Connectivity awareness: Has access to the physical and logical relationships, connections, and topologies of resources so that they can be assembled into meaningful application services
• Dynamic associations: Helps enable resources that would otherwise be static and isolated to be dynamically controlled and connected into logical services without manual intervention
• Security and isolation: Through the in-depth security and isolation that only the network can apply dynamically, provides protection for shared services provisioned to any application, workgroup, or company
Overall, Cisco VFrame DC facilitates less expensive, faster, and more reliable infrastructure in the short term and gives data center operations a pragmatic path toward SOI. Cisco VFrame DC allows for increased levels of collaboration and alignment among previously siloed server, storage, and network infrastructure domains. Cisco VFrame DC is best used as a collaborative tool to help organizations better utilize resources, align the infrastructure more closely with ever-changing business requirements, and ultimately achieve the full benefits of a service-oriented approach.
Implementing Cisco VFrame DC
Cisco VFrame DC is best implemented using a balanced, phased approach. Successful Cisco VFrame DC customer implementations often follow this typical pattern:
• Address individual problem areas: Typically, the first Cisco VFrame project solves a specific operational or budget problem. The Cisco VFrame DC investment can be justified based on the savings from one or more of these projects alone. Typical focused projects include the following:
– Eliminating the expense of rapid break-fix support contracts with automated remapping of operating system and application images on an active standby server from a shared pool
– Reducing total cost of ownership (TCO) by eliminating the need to maintain redundant servers for each application by creating a shared pool that any application can rapidly use
– Helping ensure service-level agreement (SLA) consistency and I/O design compliance for any servers hosted through Cisco VFrame DC by using standardized templates and well-structured, prepackaged configuration modules
– Expanding VMware virtual infrastructure server (ESX Server) pools on demand with network-directed virtual interface server builds
– Implementing production-ready virtualized servers with coordinated network and storage provisioning and with full segmentation of the Ethernet and Fibre Channel networks
– Addressing localized disaster recovery of server racks and localized equipment failures with the capability to quickly recover failed applications on alternative server racks
– Improving application hosting agility, including implementing more complicated security and load-balancing settings based on the Cisco VFrame DC service-oriented template design, resource selection, and service deployment modules
– Implementing multiple-department and multiple-client services creation and segmentation based on the well-structured role-based access control (RBAC) interface and the sophisticated read and write partitioning of Cisco VFrame DC
• Promote data center collaboration: After early success has been achieved, Cisco VFrame DC is best used to promote collaboration. Encouraging server, storage, and network teams to proactively collaborate on service templates helps overcome basic organizational inertia and fosters an environment for transforming the way that data centers are run.
• Automate infrastructure provisioning and change: The ultimate goal of Cisco VFrame DC is to achieve a service-oriented approach to data center operations and automate the way that infrastructure elements support applications and business priorities. Cisco VFrame DC orchestrates separate server, storage, and network virtualization initiatives to make SOI a reality.
Inside Cisco VFrame DC
Cisco VFrame DC consists of a high-availability appliance, a Java-based software application, a client GUI, and a Web services application programming interface (API); these components are used by server, storage, and network operations teams to provision and reuse infrastructure components.
The power of Cisco VFrame DC comes from its ability to orchestrate existing physical and virtual data center resources. Cisco VFrame DC is designed to be interoperable and fully integrated with most commonly deployed server, storage, and network platforms. This interoperability applies both downstream, with underlying server, storage, and network resources, and upstream, through the API, with packaged and in-house management and automation tools. Cisco VFrame DC is designed to complement existing investments in consolidation and virtualization, orchestrating virtualized resources such as networks (for example, VSANs, VLANs, and virtualized firewalls), servers (for example, hypervisors and virtual machine technologies), and storage (for example, network-hosted storage virtualization).
Cisco VFrame DC has been designed to preserve existing services and to deploy only new virtual and physical resources that have been defined within the service templates, based on comprehensive discovery of existing and available data center infrastructure resources. This background discovery process enables deployment within existing data centers without the need to purchase an entirely new data center infrastructure to implement an SOI. Moreover, Cisco VFrame DC completely removes all running and idle services when a service template is retired and removed from operation. All lower-level configurations are removed, thus freeing these services for new services definitions. This service removal process provides a clean approach and improves utilization of limited virtual services such as VSANs, VLANs, virtual IP, and access control lists (ACLs).
Figure 1. Relationship Between Service Templates, Service Networks, and Resource Pools
The appliance-hosted Cisco VFrame DC software functions can be divided into four categories that reflect the service orchestration process: design, discover, deploy, and operate.
• Design: In this phase, logical infrastructure service templates describe the server, storage, and network resources and topology required to host a specific application service. These reusable templates present the rules by which data center resources support applications.
• Discover: Available networked physical and virtualized resources are detected and pooled based on attributes such as performance, capacity, and availability.
• Deploy: Services are instantiated based on the requirements that Cisco VFrame DC defines in a service template and the resources it discovers. The application applies a service template to a specific application requirement by orchestrating the provisioning of a service network from the available shared pools of server, storage, and network resources (Figure 1). When the service is ready to be decommissioned, Cisco VFrame unconfigures and returns the resources to their pools.
• Operate: Common operating tasks such as failover, policy-based resource optimization, and service maintenance are automated using Cisco VFrame DC, which also integrates with other management systems through the Web services interfaces.
Cisco VFrame DC follows a simple workflow that gives data center administrators the necessary abstraction between the logical resources that are needed for applications and the physical resources that power them. The application can discover and orchestrate physical and virtual resources within the data center. On the basis of requirements defined for the logical elements of a service network, Cisco VFrame DC allocates appropriate physical or virtualized resources and configures and activates the service network. In this way, it helps server, storage, and network administrators to create a flexible infrastructure that can adapt to changing application requirements.
Table 1 lists some of the main features of Cisco VFrame DC.
Table 1. Main Features of Cisco VFrame DC
• The service template is a logical definition of the application infrastructure; it defines the basic elements such as server groups, storage, and load balancers and the connectivity that is required among them. A template can be used to create multiple service networks.
• A template is like a class definition in object-oriented programming. It defines the basic structure and behavior of the service.
• A Web service template consists of a firewall, load balancer, server group, and storage.
• A multitier application template consists of independent server groups for each tier, storage associated with each server group, firewalls as needed before or between the tiers, etc.
• Service networks are instantiations of a service template; they provide the mapping of a logical service template to the physical resources. A service network comprises the actual server, storage, and network resources required for a specific service.
• A service network is equivalent to an object in object-oriented programming. It is derived from a general class (template) but has specific properties associated with the applications that it is running.
• A payroll application service network in an enterprise may be derived from a multitier service template.
• Multiple Web application service networks can be derived from a single Web service template to cater to different Web applications.
Cisco VFrame DC discovers Intel x86-based servers, network-attached storage (NAS) and Fibre Channel-attached storage, Ethernet and Fibre Channel switches, and network services modules such as firewalls, load balancers, and Secure Sockets Layer (SSL).
Servers have make, model, CPU, and memory information. Switches have all the relevant hardware and OS information. Storage has volume and logical unit number (LUN) information, etc.
The discovered physical resources can be grouped based on capabilities, performance, type, etc.
Following are some possible groupings:
• Servers with CPU greater than 3 GHz and memory greater than 8 GB
• Firewalls that support transparent mode
• Storage LUNs that are dual connected and have capacity greater than 50 GB
• Cisco VFrame DC has built-in policies that allow changes to the application infrastructure. It monitors server capacity and load through a host-based agent.
• Built-in policies allow server additions and deletions for CPU or memory-based thresholds or time-based events.
• This approach allows data center administrators to manage asynchronous workloads much more efficiently because there is no need for dedicated servers that are idle during nonpeak hours associated with each application.
• Add two servers to the Web server farm if server utilization exceeds 90 percent for more than 10 minutes.
• Reduce the number of servers in the application1 server pool at 5:00 p.m. every day and move the servers to application2.
• Add servers to application1 at 6:00 a.m. every day and reduce servers for application2.
Cisco VFrame DC provides an open scripting interface that uses Extensible Markup Language (XML) and Perl. This feature allows the execution of custom user commands on managed devices at predetermined provisioning events.
• Add an Ethernet port ACL through scripts whenever a new server is brought online.
• Activate the right policies on a load balancer for a server group.
Lights Out management macros
These adapter scripts provide power management functions for servers. They are modular and provide a very flexible way to add server support.
Additional server power management support beyond Integrated Lights Out (iLO), IBM Remote Supervisor Adapter (RSA), Dell Remote Access Card (DRAC), and APC power strips can be modularly added.
These modular adapters provide a simple mechanism for storage array integration.
Support for additional Fibre Channel storage arrays can be modularly added for LUN discovery and masking functions.
Cisco VFrame DC allows multiple users to be given unique access privileges through role definitions. The management of resources can also be segmented through the use of virtual contexts, which provide separation between departments or customers accessing a common pool of resources.
• All network devices can be discovered only by the network administrators.
• Servers belonging to department X can be managed only by a specific systems administrator.
Server remote boot management
Cisco VFrame DC can provide Preboot Execution Environment (PXE)-based Network File System (NFS) boot services for Linux servers and PXE and SAN-based Fibre Channel boot services for both Linux and Windows servers.
A dataless bare metal server can boot over the network with a Linux Web server image. Depending on requirements, the server can be undeployed and reused as a Windows server at a different time.
Cisco VFrame DC Appliance
A self-contained secure appliance makes the introduction of Cisco VFrame DC into a data center simple. Two appliances can be used as a high-availability pair.
The appliance can be brought online without any software integration: Simply connect the Ethernet and Fibre Channel ports to their respective switches, power it up, and run a setup command.
Cisco Web Services Interface and Software Development Kit
Cisco VFrame DC provides a rich Web services-based interface that allows integration with third-party or custom-built data center management software.
• External policies can be entered into Cisco VFrame DC through the API to change the behavior of a service network.
• Event notifications are made available to provide the status of the service network. Queries can also be issued for information about discovered devices.
Cisco VFrame DC will be available for customers to order starting August 2007.
Table 2 lists ordering information for the Cisco VFrame DC.