Cisco® VFrame Data Center (DC) uses the network as a platform to deliver cross-technology orchestration for evolution to a service-oriented infrastructure (SOI).
Today's data centers are struggling to meet the exponential growth in applications and data with resources still characterized by infrastructure and organizational silos. Despite the consolidation and virtualization trends currently underway in data centers, service enablement requires time-consuming manual coordination and implementation across technology domains, resulting in slow response to dynamic business requirements and rising operating and capital expenses. Service orchestration is a powerful operational technique that helps IT organizations achieve greater returns from consolidation and virtualization projects by becoming more service-centric and overcoming technology silo limitations. By dynamically coordinating the provisioning and resource reuse across servers, storage, and networks, service orchestration can help IT achieve substantial efficiencies and improved business alignment. Service orchestration is a key enabler for IT organizations that are evolving to an SOI, where infrastructure is provisioned and managed as a service from pools of shared resources that are aggregated, secured, and presented as services across a network fabric.
Cisco VFrame Data Center 1.1 is the industry's first service orchestration solution to use the network as a platform to help ensure dynamic support for applications throughout the infrastructure. It enables the coordinated provisioning and reuse of physical and virtualized computing, storage, and network resources on demand from shared pools in situations requiring, for example, rapid service deployment, dynamic capacity on demand, and fast disaster recovery. Its wire-once approach reduces costly and time-consuming manual intervention and increases flexibility across all technology domains. Cisco VFrame DC provides immediate answers to today's IT challenges while laying the foundation required for a full SOI, with its benefits of faster deployment, dynamic scalability, improved security and control, and easier collaboration across the IT organization.
Why Service Orchestration
Today's data centers are challenged with the need to support the rapid growth in applications and data and the resulting proliferation of server and storage devices, straining budgets, facilities, and administration resources. According to the December 2006 survey results from the Gartner Data Center Conference, the two biggest demands on IT operations and infrastructure management are supporting the increasing rate of business change and requirements to reduce costs. Adding more, often excess, capacity to meet growing needs is costly. This does not help reduce the estimated 40 percent of the average IT budget that is spent on infrastructure.
To address these challenges, many IT organizations are turning to consolidation and virtualization strategies for server, storage, and network resources. Consolidation allows IT organizations to regain control of distributed resources by creating shared pools of standardized resources that can be rationalized and centrally managed. Many IT organizations have undertaken projects to regain control of expanding storage resources by consolidating into scalable storage area networks. They are also working on consolidating underutilized computing resources by running multiple applications in virtual partitions on a single physical server with virtual machine technologies from companies like VMware, Xen, and Microsoft.
Virtualization allows IT organizations to decouple the physical IT infrastructure from the applications and services being hosted. Although the most immediate motivations for server, storage, and network virtualization are improved resource utilization and lower costs, the ultimate goal is to use the abstraction between applications and infrastructure to manage IT as a service. Sixty-five percent of the respondents in the 2006 Gartner Data Center Conference survey said they were either standardizing or rationalizing their resources, and another 10 percent were on the road to virtualization. Yet as the number of managed networked resources continues to grow and as more resources are virtualized, connecting compute, storage, and network services across silos in a secure and repeatable fashion requires intensive work and results in large capital and operating expenses. Further, as virtualization scales to production environments, the initial benefits of virtualization are stymied or even reversed, and end-to-end service enablement is difficult to achieve.
Although applications and IT services are hosted on a combination of compute, storage, and network resources, the respective infrastructures have remained separate domains. Current data center provisioning involves complex, manual coordination and, depending on the availability of existing resources, as many as seven departments and up to 90 days may be needed to plan, design, acquire, install, configure, test, and launch a new infrastructure environment. As a result, with the current model of separate technology domains, server, storage, and network managers cannot:
• Quickly provision new applications because of the siloed, uncoordinated nature of data center operations
• Keep pace with increasingly dynamic business requirements tied to the rate of application change because of infrastructure inflexibility
• Control the proliferation of and manage the low utilization of resources caused by the static and rigid mapping of applications to infrastructure elements
• Reduce the long failure recovery times unless costly redundant systems and break-fix support agreements are implemented
Figure 1. Operational Challenges for Today's Virtualized Data Center
Service Orchestration Requirements
To address these concerns, organizations need to complement their consolidation and virtualization projects with operational techniques like service orchestration that can simplify the design, deployment, and operation of physical and virtualized environments, coordinated across all the domains. Service orchestration provides centralization and standardization of heterogeneous services that were previously available only as distributed services on end systems such as servers and storage. Service orchestration thus helps IT managers overcome the organic technology silos by helping to dynamically coordinate provisioning and resource reuse across servers, storage, and networks from shared pools. Service orchestration helps address some of the immediate operational challenges resulting from virtualization, while enabling IT to take steps towards automation of time-consuming processes.
Why Network-Based Services Orchestration
With network-based service orchestration, the data center network provides a platform for the orchestrated provisioning of both physical and virtualized resources. It allows a wire-once approach that reduces costly and time-consuming manual intervention and increases flexibility across all technology domains.
Comprehensive visibility and access to all networked resources, connectivity, dynamic control, and security are the four primary benefits of a network-based approach.
• Infrastructure visibility: Provides visibility into all networked data center resources and services for discovery, provisioning, and configuration, regardless of location
• Connectivity awareness: Has access to the physical and logical relationships, connections, and topologies of resources so that they can be assembled into meaningful application services; the network's connectivity awareness can be used to provide continuous visibility into the mapping between networked physical resources and the virtual infrastructure environments that use those resources to support applications
• Dynamic associations: Helps enable resources that would otherwise be static and isolated to be shared and dynamically controlled and connected into logical services without manual intervention, and allows a wire-once approach by using the network to allocate personality, I/O characteristics, and other parameters to resources dynamically
• Security and isolation: Through the in-depth security and isolation that only the network can apply, provides protection for shared and virtualized services provisioned to any application, workgroup, or company
Cisco takes a network-based approach to service orchestration by using the ubiquity, transparency, scalability, and intelligent services of the data center network to make orchestration operationally viable and inclusive of all the necessary resources and IT stakeholders.
Cisco VFrame Data Center (DC) Service Orchestration
Cisco VFrame DC enables the coordinated provisioning and reuse of physical and virtualized compute, storage, and network resources on demand from shared pools. Cisco VFrame DC is the industry's first service orchestration solution to use the ubiquity of the network to help ensure dynamic support for applications throughout the infrastructure. IT administrators can use Cisco VFrame DC to rapidly commission infrastructure environments for new applications as well as provide dynamic modification of existing infrastructures as application requirements change or in response to unplanned disruptions.
Cisco VFrame DC helps enable lower costs, greater IT agility, and better business responsiveness by offering increased levels of collaboration and alignment among previously siloed server, storage, and network infrastructure domains. Cisco VFrame DC complements existing investments in consolidation and virtualization. It can orchestrate virtualized resources, such as networks (for example, virtual storage area networks [VSANs], VLANs, and virtualized firewalls), servers (for example, hypervisors, virtual machine technologies and blade servers), and storage (for example, network-hosted storage virtualization).
Cisco VFrame DC is well suited to the needs of data centers with large and growing server and storage requirements. In particular, enterprise data center organizations with growing server counts and dynamic application needs can adopt Cisco VFrame DC to evolve to a more efficient and services-oriented organization. Likewise, managed-service providers providing infrastructure services to multiple customers can simultaneously improve customer responsiveness and operational efficiency by dynamically provisioning resources to different customer environments from shared resource pools. Cisco VFrame DC benefits include:
• Faster time to market for applications through faster provisioning of the application infrastructure
• Single workflow for configuration of separate realms of application infrastructure: server, storage, and network
• Comprehensive resource visibility and simplified troubleshooting
• Reduced operating expenses through orchestration and automation, resulting in fewer repetitive tasks
• Resource pooling and policy-based optimization, reducing resource and heat and power requirements and enabling more efficient management
"Cisco VFrame Data Center is responding to IT requirements for a well-orchestrated virtualized infrastructure that offers capacity on demand. With Cisco VFrame DC, service orchestration customers can achieve clear competitive advantages - operating expenses reduced by 30 to 40 percent, service deployments that take minutes, and data center resources optimized across servers, storage, and networks - thus creating greater IT agility and business responsiveness. Organizations faced with rising capital expenditures (CapEx) and operating expenses (OpEx) are quickly adopting Cisco VFrame DC network-based orchestration services as an integral part of their infrastructure evolution toward SOI and supporting their evolution towards a service-oriented architecture (SOA)."
- Jayshree Ullal, senior vice president, Cisco Data Center, Switching, and Security Technology Group
How Cisco VFrame DC Delivers
As a data center provisioning orchestration solution, Cisco VFrame DC makes end-to-end coordinated orchestration and provisioning of siloed server, storage, and network resources easy and rapid. After the application infrastructure is logically laid out, Cisco VFrame DC finds matching hardware to power the application and configures the networked resources in real time. It then uses policies to modify the infrastructure to meet changing application or service needs.
The VFrame DC functionality can be roughly categorized into four areas: design, discover, deploy, and operate. In the design phase, unique service templates that describe the distinct infrastructure required by different classes of application are created. The discover phase describes pooling of discovered, networked resources by category. The deploy phase describes the instantiation of a service template to activate the configuration of the appropriate resources. Once deployed, the operate phase describes ongoing activities such as policy-based changes to the service. Up to 500 servers and all their downstream network and storage settings can be deployed within minutes. An example of a typical use case is described below.
Cisco VFrame DC Use-Case Workflow
In this use case, the IT organization is creating an infrastructure service to host the Web and application tiers of a multi-tier application, from shared bare-metal servers, SAN-attached storage, and Cisco data center network and network services (Figure 2).
Figure 2. Typical Workflow for Deployment of New Service
Data center stakeholders collaborate to define a Cisco VFrame DC infrastructure service template for this application architecture ahead of time, through the intuitive drag-and-drop GUI.
Cisco VFrame DC service templates are a reusable rules-based mechanism to connect services and resources that represent the requirements of a class of application: for example, Web server farms, n-tier applications, or customer-facing e-commerce. The template defines the basic characteristics of the infrastructure for services and applications: all the elements of the infrastructure, the connections between elements, and the specific requirements for those elements. The consistency offered by templates also helps ensure compliance with well-defined design criteria.
In the Cisco VFrame DC design abstraction interface, infrastructure services for each application type can be designed graphically. This graphical approach facilitates group collaboration and speeds up design operations with secured views across all functional groups. A Cisco VFrame DC role-based access control (RBAC) interface delivers segmented access based on individual roles and facilitates collaboration across functional organizations. VFrame DC translates the templates into a configuration workflow that can then be used as the basis for deploying a service network.
Devices (server, network, storage, and network services) are discovered, classified, and grouped into resource pools for subsequent use independent of the service design.
The capability to see resources and plan resource utilization end to end is delivered through the Cisco VFrame Data Center rich discovery mechanism through which resources are fully discovered. This discovery includes comprehensive understanding and mapping of the network connections out of the server, the capability to map services to resources and resources to services, and the capability to identify which resources are available for new applications or application changes. Discovery of data center resources includes discovery of Ethernet and Fibre Channel networks, Fibre Channel storage arrays, x86 servers, host bus adapters (HBAs), network interface cards (NICs), application optimization, and security services. Cisco VFrame DC allows selective inclusion of discovered devices, so that the control span can be delineated at the beginning and increased over time. Besides infrastructure resources, Cisco VFrame DC manages logical resource pools for entities, such as IP addresses, VLANs, and Dynamic Host Configuration Protocol (DHCP) ranges.
The data center team activates an instance of the template to create a service network that meets the application service requirements.
A service network is an instance of a service template and represents the logical infrastructure required to host a particular application or application service. Multiple service networks can be derived from each service template, depending on the intended application class. Each service network can be customized with application-specific parameters: for example, VLAN IDs, IP addresses, server images, and storage types.
The data center team associates the resource pools for this service network.
Users can control resource allocation to the service networks by associating specific resource pools, such as a specific server pool or a VLAN pool, to the logical elements of the service network. Users simply provide values for parameters, such as a VLAN ID or a server image, that are associated with the logical elements of the network.
Cisco VFrame DC configures the LAN and SAN access.
Cisco VFrame DC configures the Ethernet network (for example, IP addressing, VLANs, network teaming, and Hot Standby Router Protocol [HSRP]), common network services (for example, firewalls, load balancing, and Secure Sockets Layer [SSL]), and SAN access (for example, zones, VSANs, and logical unit number [LUN] masking and mapping) based on the template parameters.
Cisco VFrame DC powers and boots the identified server hardware and loads the appropriate image from the SAN or network-attached storage (NAS).
Cisco VFrame DC selects and turns on the appropriate server resources from discovered pools based on parameters, such as capacity, availability, and performance characteristics as specified in the template. It then activates the remote SAN boot of dataless servers from Fibre Channel LUNs with automated zoning and storage array LUN masking and mapping. Alternatively, Cisco VFrame DC can activate a remote NAS boot of dataless servers with quota tree creation and volume export control.
Using defined policies, the service network can be controlled (start, stop, deploy, or add or remove resources) to meet changing business objectives.
Common operating tasks, such as failover, policy-based resource optimization, and service maintenance, are automated using Cisco VFrame DC, which also integrates with other system management systems through the Web services interfaces. Policy-based server capacity optimization capabilities include touchless server failover, load-based and time-based addition or deletion of servers, and maximum and minimum thresholds for number of servers.
When the application service needs to be turned off or is no longer required, Cisco VFrame DC undeploys the network and returns the resources to their pools for reuse.
Finally, when an application service is no longer required, all resources associated with the service network are returned to the resource pools, and all images and configurations associated with the resources are deleted, thus preparing the resources for redeployment and use in a service network hosting another application.
Interoperability and Integration
Cisco VFrame DC is designed to interoperate and fully integrate with most commonly deployed infrastructure resources. This interoperability applies to underlying server, storage, and network resources and, through the Web services interface, to packaged and in-house management and automation tools. The Web services interface can be used for integration with other systems, such as data center provisioning, change management, and virtualization management systems (Figure 3).
Figure 3. Cisco VFrame Data Center Management Architecture
Adopting Cisco VFrame DC
Cisco VFrame DC is best implemented using a balanced, phased approach. Successful Cisco VFrame DC customer implementations often begin with a focus on immediate individual problem areas that Cisco VFrame DC can address in the near term. Then Cisco VFrame DC can be used to facilitate improved collaboration and coordination between disparate groups. Finally, the role of Cisco VFrame DC can be expanded over time to provide a more holistic foundation for an SOI.
Addressing Immediate Problem Areas
Typically, the first Cisco VFrame project solves a specific operational or budget problem. The Cisco VFrame DC investment can be justified based on the savings from one or more of these projects alone. Typical focused projects include the following:
• Eliminating the expense of rapid break-fix support contracts with automated remapping of operating system and application images on an active standby server from a shared pool
• Reducing total cost of ownership (TCO) by eliminating the need to maintain redundant, high availability servers for each application by creating a shared pool that any application can rapidly use for disaster recovery
• Helping ensure service-level agreement (SLA) consistency and I/O design compliance for any servers hosted through Cisco VFrame DC by using standardized templates and well-structured, prepackaged configuration modules
• Expanding VMware ESX Server virtual infrastructure server pools on demand with network-directed virtual interface server builds
• Implementing production-ready virtualized servers with coordinated network and storage provisioning and with full segmentation of the Ethernet and Fibre Channel networks
• Addressing localized disaster recovery of server racks and localized equipment failures with the capability to quickly recover failed applications on alternative server racks
• Improving application hosting agility, including implementing more complicated security and load-balancing settings based on the Cisco VFrame DC service-oriented template design, resource selection, and service deployment modules
• Implementing multiple-department and multiple-client services creation and segmentation based on the well-structured RBAC interface and read and write partitioning sophistication of Cisco VFrame DC
IT organizations can adopt Cisco VFrame DC to initially address one or more of these bounded challenges without making extensive changes to current operational practices. After implementation, Cisco VFrame DC can be applied to additional use cases and exposed to additional operation groups.
Promoting Data Center Collaboration
After early success has been achieved, Cisco VFrame DC is best used to promote collaboration. Encouraging server, storage, and network teams to proactively collaborate on service templates helps overcome basic organizational inertia and fosters an environment for transforming the way that data centers are run.
Because most customers are organized functionally, with separate server, storage, and network operations teams reflecting their specific technology domains, Cisco VFrame DC facilitates a shift toward greater collaboration in the way that the data center is managed. Cisco VFrame DC integrates functional provisioning tasks together as application services or a provisioning workflow across separate server, storage, and network resource pools. The consequence of this integration is coordinated provisioning across silos and closer collaboration among cross-functional teams based on the need to use the Cisco VFrame DC RBAC interface and service templates.
Although closer collaboration can require process and, possibly, organizational changes, the easy, fast orchestration and provisioning of services and applications that Cisco VFrame DC offers directly benefits server, network, and storage administrators by making their jobs easier on a daily basis and by facilitating long-term strategic planning across functional groups. Server administrators gain a wire-once infrastructure, automated failover, automated storage provisioning, and infrastructure visibility, and network administrators benefit from automation of routine tasks, improved security, infrastructure visibility, single point of control, and coordinated provisioning. Storage administrators benefit from the capability to automate routine tasks and gain both storage pooling and storage access control, improving server-to-storage security.
Automating Infrastructure and Change
The ultimate goal of Cisco VFrame DC is to help IT organizations achieve a service-oriented approach to data center operations and automate the way that infrastructure elements support applications and business priorities. IT organizations that are undergoing new data center deployments or major upgrades, major application consolidations, or initiatives to improve IT agility and business continuance may already have made a commitment to evolve to an SOI. In this case, these organizations will be ready to adopt Cisco VFrame DC service orchestration for advanced applications, such as service provisioning acceleration and automation, business continuance and disaster recovery.
Many customers can benefit from Cisco VFrame DC rapid service infrastructure provisioning and repurposing. A service provider that provides infrastructure for hosted applications to customers must be able to share the infrastructure securely among multiple customers and provision it based on customer requirements on an as-needed basis. The goal is to reduce capital outlay for infrastructure while effectively managing changing requirements for provisioning that cross many functional groups.
The Cisco VFrame DC resource pooling capabilities help ensure that the service provider's physical infrastructure meets the service levels required by its customers. The Cisco VFrame DC virtual context capabilities and RBAC capability provide the necessary management and access control for shared resources and multiple users.
If the customer is using an in-house application as the management console, the customer can control the services with the Cisco VFrame DC API acting as a provisioning engine for the service management console.
Business continuity requires not just successful and accurate storage replication but also server and network architecture replication. Servers need to connect to the right storage data sets, and re-creation of appropriate security segmentation for VLANs, VSANs, and storage zones must occur. Cisco VFrame Data Center provides both the foundation that can reduce disaster recovery time significantly and full infrastructure architecture replication capabilities. Cisco VFrame DC helps IT develop a comprehensive business continuity solution by complementing other primary server and storage technologies, such as replication and server virtualization, to create cost-effective, advanced business continuity solutions. With it, essential network and storage mappings associated with servers are preserved across the primary and business-continuity sites. When a disaster is declared and the service needs to be activated at the remote location, Cisco VFrame DC restarts a previously verified service network rather than creating the service from scratch. This capability reduces the time to failover significantly and helps ensure a repeatable process that complies with the requirements of the service network.
In contrast, most server-based solutions that offer business continuity for server images require the customer to manually translate these mappings. Coordinating network and storage changes associated with servers is time consuming, thus increasing the time to failover and risking the business's ability to recover from the disaster.
With Cisco VFrame DC, the primary and secondary data center can have disparate sets of resources. As long as the resources are compatible, Cisco VFrame DC can re-create a service infrastructure identical to the primary one through a service template that programmatically describes a service in terms of its components. Cisco VFrame DC also provides a Web services interface that can integrate with third-party applications like storage replication software.
For IT organizations and managed-service providers faced with managing high capacity data center resources, Cisco VFrame Data Center provides end-to-end orchestrated provisioning of services across all infrastructure resources in an exceptional network-based approach that is coordinated, integrated, and rapid. Employing unique service templates and graphical service-level abstraction, Cisco VFrame DC can minimize the time, effort, and costs required to deploy and adapt the infrastructures needed to host and deliver applications.
Server, storage, and network resources can be coordinated, pooled, and dynamically repurposed in real time based on changing events, as well as effectively shared across applications, groups, and companies for reduced resource proliferation. Cisco VFrame DC enhances system resilience with rapid recovery of application environments from shared infrastructure pools and fast recovery for all systems, not just mission-critical systems or those with rapid break-fix agreements. Failures and the time to troubleshoot are reduced with standardized, well-defined infrastructure templates. Cisco VFrame DC policy-based optimization of pooled resources results in fewer resources more efficiently managed and powered.
With standards-based API support and a system of partners, Cisco VFrame DC integrates transparently into existing infrastructures, complements existing virtualized and nonvirtualized approaches, and helps ensure end-to-end infrastructure visibility and policy-based service enablement in minutes. No other virtualization solution today offers this level of control, speed, and flexibility. The Cisco network-driven approach offers outstanding infrastructure visibility, connectivity awareness, wire-once dynamic associations, and flexible robust security and isolation. For everyone (IT executives, cross-functional administrators, and application users), a Cisco VFrame DC-enabled data center delivers numerous immediate improvements, such as lower TCO, improved service availability, and more scalable server virtualization deployments, while bringing entire organizations closer to realizing the next stage in service-oriented infrastructures.