After actively contributing to its testing, Cisco IT places VFrame DC at the core of the service-oriented data center model.

In a pairing rarely seen in the software industry, Cisco® IT has teamed up with product developers in the company's Server Virtualization Business Unit to collaborate fully in helping to define and test the new Cisco VFrame Data Center (VFrame DC) service orchestration and provisioning solution. As the first customer for VFrame DC, Cisco IT is providing developers with actionable feedback and insight into the data center functionality and real-world uses for the product.

With each new release of code, the IT group applied and evaluated VFrame DC, identifying bugs and suggesting opportunities for enhancements that would make the product more useful to IT organizations. So far, Cisco IT has tested VFrame DC in deploying and provisioning physical and virtualized Linux and Windows servers and network-attached storage (NAS) and storage-area networks (SANs), as well as orchestrating these resources.

VFrame DC Introduces Paradigm Shift

Most enterprise IT organizations are organized functionally with separate server, storage, and network support teams performing separate provisioning tasks. After using up most of its data center resources, Cisco IT needed to implement a new hosting model, and so began to pursue a service-oriented data center strategy that could allow convergence of server, storage, and network services and the teams that support them. Such a model would enable Cisco IT to notably speed up application provisioning and increase its ability to respond to business needs and market conditions.

This paradigm shift within the data center requires not only cross-functional collaboration among the server, storage, and network teams but also behavioral and operational changes across these areas and top-down support from executive management, according to Ken Bulkin, senior manager in the Network Data Center Services group at Cisco. At the core of Cisco IT's service-centric infrastructure is VFrame DC.

Using dynamically created workflows, VFrame DC makes end-to-end coordinated provisioning of server, storage, and network-based resources easy, along with repurposing of physical and virtualized infrastructure services that traverse these functional areas. VFrame DC effectively creates a shared pool of resources, end to end within the data center, that can be provisioned on demand.

All of VFrame DC's capabilities and functionality will eventually be realized in Cisco's new data center under construction in Richardson, Texas. This data center will consolidate all of the company's North American operations and be the first fully operational facility to adopt Cisco IT's service-oriented data center strategy.

Meanwhile, Cisco IT has been using components of VFrame DC to orchestrate delivery of computing resources for hundreds of x86-based applications, especially those using virtualized servers and storage arrays.

VFrame DC in the Trenches

When a client group wants server resources to support a new application, virtualization through the VMware ESX Server offering is Cisco IT's current default. VMware supports the creation of virtualized servers (also called virtual machines), each potentially using multiple CPUs and varying gigabytes of memory. VFrame DC complements VMware by treating virtual machines as server resources and providing a bidirectional API-based interface that configures network and storage in coordination with virtual machine requirements.

Cisco IT has formed pools of storage at the array level and tested VFrame DC to orchestrate storage and server resources, in which VFrame DC:

• Selects server resources based on parameters such as capacity, availability, and performance
• Performs remote boot of SAN and NAS dataless servers
• Applies required services such as firewalls and server load balancing
• Configures all resources and access to them dynamically
• Presents the setup to the system administrator

In 2008, the second release of VFrame DC will bring integration with VMware ESX, allowing Cisco IT to use VFrame DC to provision servers running Windows, Linux, or both. Essentially VFrame DC will treat VMware as another operating system, one that partitions physical servers to run both Windows and Linux virtualized servers.

Cisco VFrame DC will help to ensure that applications deployed on virtualized servers have the same level of security, availability, network services, and I/O performance as applications deployed on physical servers. It will do this by dynamically aligning network elements, such as virtual LANs (VLANs) and access control lists (ACLs), and network services, such as firewalls, server load balancing, and Secure Sockets Layer (SSL) offload.

VFrame DC has management and policy-driven provisioning interfaces across data center server, storage, and network-based resources, and can rapidly deploy virtualized services based on predefined service templates. Among the VFrame DC features that Cisco IT evaluated was the ability to establish and maintain design templates for many different types of applications, including the company's intranet and enterprise management solution. A template contains specifications for the resources that a given type of applications needs. Typical of the recommendations that Cisco IT made in its evaluations of VFrame DC were two that eased the task of building templates.

The VFrame DC solution uses mature industry standards and relies on published APIs, which IT administrators can use to interface with custom management applications or third-party data center management products. A group of APIs is available for basic provisioning tasks such as security and server load balancing to help initiate an organization's use of VFrame DC. A developers' kit enables creation of additional APIs for tailoring the VFrame DC solution to suit an array of individual enterprise requirements.

"VFrame DC makes setting up support for an application much faster and easier because it automatically coordinates activities involving a number of different groups -- servers, storage, network configuration, procurement, data centers, switches, and so on," says Bulkin. "Without it, we have to engage all the groups in charge of these different areas, and that is very time consuming."

After an application is up and running, VFrame DC handles common operational tasks such as locating replacement resources in the case of a failure, policy-based resource optimization, logical to physical resource mapping, events logging, network configuration, and reporting. In the area of policy management, for example, Cisco IT plans on using VFrame DC to configure web-based and other services with policies that allow automated "grow and shrink" capabilities based on their profile, according to Mike Matthews, IT program manager at Cisco. If a web farm needs additional resources, VFrame DC would detect this need and allocate an additional server from the pool to the web farm. Afterward, VFrame DC would release the server back to the pool for other services.

VFrame DC can also speed up application recovery after a failure. VFrame DC monitors all servers within its management domain and recognizes when a server or disk drive goes down. Based on policies regarding service-level agreements and other specified factors, VFrame DC automatically locates a server from a server utility pool and loads it with a runtime image similar to the server that failed. Thus, VFrame DC immediately transfers the application to other resources, even mapping the new I/O links. If a server goes down, for example, VFrame DC will automatically assign a new server and map in the storage previously used by the application.

VFrame DC also stores golden images of the systems that it deploys, including full configurations for Cisco Catalyst® 6500 Series Switches and Cisco MDS 9500 Series Multilayer Directors, as well as servers and storage arrays. From a golden image (a master image of the operating system and related applications created from a server and used as the template from which virtualized server images are created), administrators can restore a host quickly, with all the original functional and security provisions intact.

In addition, VFrame DC can "hook" into network operations, which will give an IT organization clear views of a physical server's adjacency from both a network and storage access perspective, along with server and network services connectivity. This greater visibility will enable an IT group to diagnose and troubleshoot server access issues faster.

Reaping the Benefits of VFrame DC

Cisco IT has made significant strides toward virtualizing servers, storage, and network-based resources in the data center, benefiting from the requisite hardware capacity and other operational efficiencies that virtualization can bring. Even so, the amount of data that Cisco IT must process is growing about 35 percent per year. The sheer mass of data and the numbers of systems needed to process and store it are creating pools of resources so large that they are difficult to manage and bog down response times for client requests.

The cross-functional service orchestration enabled by VFrame DC will greatly ease these provisioning and management burdens and help to generate even higher operational efficiencies within the data center. Already, Cisco IT is benefiting from productivity and cost savings in:

• Personnel, as IT staff can manage and provision an order of magnitude more servers
• Hardware, as far fewer servers and disk drives are needed
• Time, as computing support for an application can be coordinated and provisioned in a few days or a few hours rather than weeks or months
• Power and cooling; not only are there fewer physical boxes, but VFrame DC powers up only those servers needed for a given application workload and returns servers that are no longer being used to server pools, powering them down until required by another application.

Cisco IT is looking forward to eventually employing all of VFrame DC's capabilities in the new data center in Richardson, Texas. In this service-oriented data center environment, VFrame DC will be used to provision and manage segments or "pods" of compute resources. Each pod will contain the server, storage, and network-based resources–hundreds of servers, for example–needed to support many applications and be orchestrated by a pair of redundant VFrame DC appliances.

The pod structure will enable easier oversight by data center engineers. "Right now we often do not understand all of the dependencies among physical and virtual resources and the applications that they support," says Matthews. "So we do not necessarily know how an application will be affected if a piece of hardware goes down. Building these pods will give us better organized, standardized pools to work with, and VFrame DC itself can show us all the links and interdependencies, making the support much easier to manage too."

An Invitation

Cisco hopes to share new functionality provided by VFrame DC through a library of original APIs, services, and interconnected programs created by Cisco IT and users from other organizations to fit their individual enterprise needs. These tailored contributions will expand the VFrame DC service orchestration solution beyond what Cisco itself has created, to build a rich assortment of capabilities that other users can draw on. Let the music begin.