Cisco VFrame Data Center 1.2 Service Orchestration Solution

Cisco® VFrame Data Center (DC) is a network-driven service orchestration solution that enables the coordinated provisioning and repurposing of physical and virtualized infrastructure services comprising network, storage, and compute resources. Cisco VFrame Data Center enables IT administrators to rapidly commission infrastructure environments to support new application services from shared pools of resources. It also helps enable dynamic modification of existing infrastructure environments in anticipation of changing application requirements or in response to unplanned disruptions.

Cisco VFrame DC allows IT departments at large data centers to evolve to a service-oriented infrastructure, so that shared server, storage, and network resources can be aggregated, secured, and dynamically delivered to applications as services across a network fabric. Cisco VFrame DC follows a simple workflow that gives data center administrators the abstraction they need between the logical infrastructure resources that applications require and the physical resources that power them.

In this release, Cisco VFrame DC adds several new capabilities aimed at making infrastructure management even easier:

• Cisco VFrame coordinated provisioning capabilities have been extended to bring VMware ESX servers online quickly and consistently. With SAN-based remote boot support and rapid, consistent provisioning of the physical SAN, LAN, and network service configurations associated with the ESX hypervisor, including the virtual switch, VFrame brings significant scalability to server virtualization environments

• Support for ESX clusters includes VLAN trunking to servers and API-based signaling to VMware VirtualCenter that registers ESX servers as they are deployed. Through the API, VFrame also provides a console view of virtual machines that are deployed by VirtualCenter

• Using policies, ESX clusters can be dynamically resized with automated network and storage configurations

• SAN- and NAS-based storage can now be templatized by Cisco VFrame DC and represented as part of the infrastructure. With this release, Cisco VFrame DC also provides advanced SAN management capabilities such as automatic path selection on Fibre Channel and support for additional storage switches

• Server images can now be versioned by Cisco VFrame DC, making it easier to choose the appropriate images for the SAN and NAS booted servers that are managed by Cisco VFrame

Key Cisco VFrame Data Center Benefits

As the industry's first service orchestration solution to use the ubiquity of the network, Cisco VFrame DC can achieve coordination across all networked physical and virtualized resources. The application offers a wide range of benefits, including lower costs, greater IT agility, and greater business responsiveness.

Operational cost savings: Cisco VFrame DC lowers overall data center operating costs by enabling infrastructure configurations to be provisioned and changed more efficiently. The solution accelerates or automates many of the mundane, time-consuming tasks for server, storage, and network administrators, such as server OS loads, Fibre Channel zoning, and VLAN and VSAN configuration. Cisco VFrame DC also reduces costs associated with deployment of replicated systems and break-fix support agreements by helping IT rapidly recover from disruptions and reprovision a failed service from a cost-effective, shared resource pool.

– Resource pooling and policy-based optimization, resulting in fewer resources that are more efficiently managed and powered

– Reduced resource proliferation through repurposing of unused resources

– Template-based provisioning of infrastructure, providing an efficient "design once, deploy many" operation collaboration model

– Integration with existing third-party service dashboards through the open web services API, providing investment protection and enabling dynamic changes to infrastructure capacity based on business policies

Faster and simpler service orchestration: Cisco VFrame DC speeds up new application provisioning as well as application reconfiguration and scaling. By proactively planning and coordinating the creation and management of development, test, and deployment environments in a single tool, Cisco VFrame DC accelerates application time to market, simplifies infrastructure repurposing, and streamlines IT collaboration.

– Faster time to market for applications and application services, with coordinated workflow for faster provisioning of the infrastructure required to roll out new applications

– Dynamic repurposing of pooled server, storage, and network resources to align with changing application requirements

– Automated provisioning of SAN, LAN, and network services configurations for the VMware ESX environment, reducing total server provisioning time to minutes instead of hours

Robust virtualization scale-out: Cisco VFrame DC helps ensure that production applications can be deployed or migrated across virtualized infrastructures without sacrificing security, reliability, or performance. Cisco VFrame DC helps customers dynamically align the necessary network configurations and services to proliferating virtual machines so that applications deployed on a virtualized infrastructure experience the same protection, reliability, and service levels as can be achieved in deployments on traditional physical infrastructures.

– Dynamic VMware ESX cluster sizing and automated policy-based physical capacity management synchronization with VMware VirtualCenter

– Assurance that additional server capacity coming into a cluster has the same networking and storage configurations as others in the cluster

– Capability to make changes such as VLAN or storage logical unit number (LUN) addition or deletion that apply to multiple ESX Servers in bulk across an entire cluster from a single console

Cisco VFrame Data Center 1.2 Components

Figure 1 shows the main components of Cisco VFrame DC.

Figure 1. Components of Cisco VFrame Data Center

Cisco VFrame Data Center Appliance

The Cisco VFrame DC appliance is the central orchestration and provisioning controller that connects to the Ethernet and Fibre Channel networks of the data center.

• Scalability of up to 500 servers, with concurrent server provisioning

• Inclusion of Fibre Channel and Ethernet appliance interfaces for provisioning and monitoring of Ethernet and Fibre Channel fabrics

• Component-level high availability with dual power supplies and hard disks

• System-level high availability using two appliances: a primary-and-secondary pair with automatic data synchronization and automated failover between them

• Command-line interface (CLI) similar to that of the Cisco IOS® Software for initial setup and configuration

Cisco VFrame Data Center GUI

Cisco VFrame DC hosts a Java-based client that accesses the application running on the appliance.

• Secure access through role-based access control (RBAC)

• Graphical topology views of the network and its connected devices

• Intuitive drag-and-drop function for designing service templates and service networks

• Out-of-the-box service template for rapid, compliant, repeatable ESX hypervisor cluster provisioning and configuration

• Locally run client downloaded through a web browser

• Automatic upgrade upon connection to the Cisco VFrame appliance

Cisco VFrame Web Services Interface and Software Development Kit

A programmable interface allows you to script actions for Cisco VFrame DC to perform. Developers can write applications that can configure, query, monitor, and control all resources managed by the application. This Extensible Markup Language (XML) standards-based interface using Simple Object Access Protocol (SOAP) messaging can be used to integrate with third-party or in-house management applications such as enterprise monitors and workflow managers.

Cisco VFrame Host Agent

Cisco VFrame DC offers a host agent that runs on the servers that it manages.

• Server heartbeat communication to the Cisco VFrame DC appliance to enable rapid server failover

• Capacity utilization metrics that provide information to dynamic policy-based triggers to add or delete servers based on load

• Graceful shutdown of servers at the OS level during dynamic reprovisioning

• Lightweight agent that does not affect application performance

Cisco VFrame DC Macros

Cisco VFrame DC provides an open interface for creating macros to allow administrators to create custom provisioning actions. This same interface is used for server power management and storage disk management functions. The application ships with samples of common macros that can be used for provisioning.

Main Features

The appliance-hosted Cisco VFrame DC software functions can be divided into four categories that reflect the service orchestration process: design, discover, deploy, and operate. VFrame DC also offers robust security features to enable secure collaboration, and API and software development kit (SDK) support to help ensure sustainable integration.

Design

In the design phase, logical infrastructure service templates describe the server, storage, and network resources and topology required to host a specific application service. These reusable templates present the rules by which data center resources support applications.

Service templates: This industry-pioneering feature allows IT administrators to logically define the infrastructure components that form the service required to host a defined class of applications. The service template is created through an intuitive graphical drag-and-drop interface that allows users to specify the logical components such as servers, firewalls, load balancers, network VLANs, and storage network VSANs that need to be a part of the service. The connectivity among these elements is also defined as a part of the service template. The template is represented as an XML data set that can be exported or imported by multiple Cisco VFrame DC instances and third-party applications. Multiple applications that belong to the same class and require similar infrastructures can be hosted using a single service template to help ensure compliance at the infrastructure architecture level. For example, separate service templates might be created for multi-tier, intranet portal, and e-commerce portal applications because each may require different infrastructure architectures. Figure 2 shows a sample template representing the infrastructure required to support a three-tier application.

Figure 2. Example of an ESX Cluster Template

Cisco VFrame DC 1.2 ships with a specially designed service template that enables rapid, compliant, repeatable ESX hypervisor cluster provisioning and configuration, providing significant cost savings in a typical ESX hypervisor environment and reducing the ESX cluster provisioning time from days or hours to minutes.

Service networks: A service network is an instance of a service template and represents the logical infrastructure required to host a particular application or application service. Figure 3 shows multiple service networks derived from their associated service templates, according to the intended application type. Multiple similar service networks can be created based on a single service template. Each service network can be customized with application-specific parameters such as VLAN ID, IP address, server image, and storage type. Users can control resource allocation to the service networks by associating specific resource pools, such as a server pool or a VLAN pool, with the logical elements of the service network. Users simply fill out values for parameters, such as a VLAN ID or a server image, that are associated with the logical elements of the network.

Figure 3. Service Networks Derived from Templates

Event maps: Event maps provide a visual representation of the Cisco VFrame DC orchestration workflow derived automatically from a service template. They provide a detailed view of the exact steps that will be taken during the orchestrated provisioning of the service. You can add custom events to any part of this workflow to perform special provisioning actions in the midst of the standard workflow. Figure 4 shows a typical Cisco VFrame DC event map.

Figure 4. Event Map Detailing Orchestration Workflow

Extensibility macros: Extensibility macros allow you to perform script-based custom operations as part of the provisioning workflow. Macros are Perl-based scripts that can be attached to specific events in the orchestration workflow. This powerful mechanism helps you work on standard CLIs and pass on any device configuration parameters, from VLAN IDs to firewall rules, that can be configured for devices as part of the service provisioning action.

Discover

Available networked physical and virtualized resources are detected and pooled based on attributes such as performance, capacity, and availability. Figure 5 provides an example of the Cisco VFrame DC discovery map showing pools of detected available resources.

Comprehensive discovery of data center resources includes:

• Topology-aware discovery of Layer 2 networks with Ethernet switch properties, interconnectivity information, VLANs, and port properties

• Discovery of Fibre Channel fabric with Cisco MDS 9000 family storage network switch properties and VSAN information

• Discovery of Brocade Fibre Channel SAN infrastructure

• Fibre Channel storage array and LUN discovery, extensible through storage macro framework

• Discovery of Fibre Channel host bus adapters (HBAs) on Intel x86 servers with vendor and firmware versions

• Discovery of Ethernet network interface cards (NICs) on x86 servers with vendor and firmware versions

• Discovery of information about server NIC and HBA connectivity to Ethernet and Fibre Channel switches, respectively

• Discovery of Layer 4 to 7 device modules connected to a Cisco Catalyst® 6500 Series Switches chassis, including virtual contexts and devices on Cisco Catalyst 6500 Series Firewall Services Modules

• Discovery of Cisco Application Control Engine (ACE) devices

Figure 5. Comprehensive Discovery and Visualization

Granular resource control includes:

• Selective inclusion of discovered devices for automated management

• Discovery scope control using IP address ranges and Cisco Discovery Protocol seed radius

Capacity and performance assurance using dynamic resource pools includes:

• Automatic filtering of capability-based dynamic resource pools based on discovered device attributes

• Automatic pooling for newly discovered devices based on attributes

• Logical resource pools for entities such as IP addresses, VLANs, and Dynamic Host Configuration Protocol (DHCP) ranges

Server image management includes:

• File- and block-based server OS image snapshot for visibility into NAS and SAN storage, respectively

• Import of snapshots from images created on other Cisco VFrame DC systems

• Browsable image library including properties of the image and the server from which the snapshot came

• Capability to map server image to the current physical server running the image

Deploy

Services are instantiated based on the requirements that Cisco VFrame DC defines in a service template and the resources it discovers. The application applies a service template to a specific application requirement by orchestrating the provisioning of a service network from the available shared pools of server, storage, and network resources. When the service is ready to be decommissioned, Cisco VFrame DC unconfigures and returns the resources to their pools.

• Selection of resources from discovered pools based on parameters such as capacity, availability, and performance characteristics as specified in the template

• Rapid, repeatable, compliant provisioning of VMware ESX clusters

• Remote boot of bare metal server from the NAS or SAN and configuration of downstream network and storage mappings

• Automatic configuration of LUN paths between servers and storage arrays

• Remote SAN boot of dataless servers from Fibre Channel LUNs with automated zoning and storage array LUN masking and mapping

• Remote NAS boot of dataless servers with quota tree creation and volume export control

• Dynamic configuration of network resources and LAN access, including IP addressing, VLANs, network teaming, and Hot Standby Router Protocol (HSRP) based on template parameters

• Dynamic configuration of SAN resources and SAN access, including zones, VSANs, and LUN masking and mapping as defined by the service template

• Dynamic configuration of network services, including server load balancers and primary firewall settings as defined by the service template

• Simplified deployment through single-step orchestration; the deployment follows the event map workflow represented in the template using the parameters specified for the particular service network instance, and the deployment action can be controlled through the RBAC mechanism to help ensure protected access

• Predeployment trial run, so that prior to configuration, you can test the provisioning steps to verify deployment order, actual CLIs, and the devices that will be affected; this trial run does not change any configurations on the devices

• Automated error detection and rollback during deployment; error checking stops on fatal errors encountered during configuration, changes are rolled back to restore the configuration to its previous state, and administrators are notified through email and logging so they can take corrective action before attempting reconfiguration

• Entire service networks can be restored either manually or through policies; the restoration operation restores the configuration of the deployed resources for a service network to its prior state and returns the resources to the resource pools for subsequent use on another service network

Operate

Common operating tasks such as failover, policy-based resource optimization, and service maintenance are automated using Cisco VFrame DC, which also integrates with other system management systems through the web services interfaces.

Policy-based server capacity optimization:

– Touchless server failover with automatic reconfiguration of LAN and SAN access

– Load-based addition and deletion of servers based on CPU load or memory use

– Time-based server addition or deletion

– Maximum and minimum thresholds for number of servers for assured service levels

– Automatic capacity addition and deletion for ESX clusters from spare server pools

Easy troubleshooting with logical-to-physical resource mapping: Information about the physical resources powering a logical element in the service network at any given time is always available. You can use this information to quickly zoom in from the application infrastructure to a component device level without having to worry about manually cataloging which device is used for what application.

Logging, fault notification, and user audit: Logs with user, action, timestamp, and event details are available for all actions. Available through syslog, the logs have filtering capabilities. Automatic notification is available for registered users for specific alarms. This notification is also available through the web services interface for any third-party application, such as an enterprise monitor, that needs status information.

Running network verification: Configuration of the running network can be compared against parameters programmed by Cisco VFrame DC and reported. Optionally, corrective action can be taken to fix existing configurations and restore them to known configurations.

Reporting: A built-in reporting engine provides reports on resource utilization, service network availability, server usage trends, and administrative user logins, among others. These reports can be exported from Cisco VFrame DC for use with applications such as charge-back schemes and executive metrics.

Security

Cisco VFrame DC offers a robust set of security features to help ensure secure communications, authorized user access to its features and managed resources, and granular access rights for different users.

Multitenancy with virtual contexts: Cisco VFrame DC can be virtualized into multiple virtual contexts, each with its own resource allocations and service networks that are managed, allowing secure concurrent access to a common set of resources by multiple user groups. This setup is ideal for resource delegation to subgroups of administrators or customers.

Users and roles: To provide access control, users can be defined within Cisco VFrame DC and made members of specific virtual contexts. Users can be assigned to specific granular tasks such as template design, storage discovery, or network operator through an RBAC mechanism.

Communications: All communications to configured devices are secured with Secure Shell (SSH) Protocol. Communications between the host agents and Cisco VFrame DC, and in high-availability configurations between Cisco VFrame DC appliances, are also secure.

Web Services API for Integration with Third-Party Systems

The web services API allows IT organizations to integrate Cisco VFrame DC into existing operation frameworks that include packaged applications and applications developed in-house.

• Software development kit with Web Services Description Language (WSDL) for development of third-party clients to interface with Cisco VFrame DC

• Two-way information exchange, including notification of service network availability status, server reboot status, server maintenance mode status, and guided server reprovisioning changes

• Entry of external application-level policies to change infrastructure properties

• Coordinated orchestration of event changes with external monitoring systems to protect against conflicting policy settings and constant server reboot flapping

• Query capability to access discovered and pooled resources for integration with third-party databases or configuration management databases (CMDB)

Availability

Cisco VFrame Data Center 1.2 will be available for ordering starting August 2008.

Ordering Information

Cisco VFrame DC is available as an appliance; two appliances form a high-availability pair. Support for a limited number of server access ports is bundled with the appliance. Customers can purchase additional port licenses by ordering either a single license or a fabric license that provides unlimited ports per Cisco VFrame DC instance (Table 1).

Table 1. Ordering Information

Part Number         Description
SV-VFDC-K9          VFrame DC Base Appliance
SV-VFDC-HA-K9       VFrame DC High Availability Appliance
SV-VFDC-LIC-SGL     VFrame DC Per Port License
SV-VFDC-LIC-FAB     VFrame DC Fabric License
SV-VFDC-HA-K9=      VFrame DC High Availability Appliance Spare
SV-VFDC-LIC-SGL=    VFrame DC Per Port License Spare
SV-VFDC-LIC-FAB=    VFrame DC Fabric License Spare

For More Information

For more information about Cisco VFrame Data Center, contact your local Cisco account representative or visit http://www.cisco.com/go/vframe.