Table of Contents

Cover image
Front matter
Copyright
Dedication
Acknowledgments
Introduction
About the Authors
Chapter: Next-Generation IT Trends
Chapter: Next-Generation Data Center Architectures and Technologies
Chapter: Next-Generation WAN and Service Integration
Chapter: Branch Consolidation and WAN Optimization
Chapter: Session Interception Design and Deployment
Chapter: WAN Optimization in the Private Cloud
Chapter: SAN Extensions and IP Storage
Chapter: Cloud Infrastructure as a Service
Chapter: Case Studies
Appendix A: Acronyms and Abbreviations
References
Index

Front matter

Private Cloud Computing
Consolidation, Virtualization, and Service-Oriented Infrastructure

Stephen R. Smoot
Nam K. Tan

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Morgan Kaufmann is an imprint of Elsevier

Copyright

Acquiring Editor: Todd Green
Development Editor: Robyn Day
Project Manager: Danielle S. Miller
Designer: Kristen Davis

Morgan Kaufmann is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

© 2012 Elsevier, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions

Designations used by companies to distinguish their products are often claimed as trademarks or registered trademarks. In all instances in which Morgan Kaufmann Publishers is aware of the claim, the product names appear in initial capital or all capital letters. All trademarks that appear or are otherwise referred to in this work belong to their respective owners. Neither Morgan Kaufmann Publishers nor the authors and other contributors of this work have any relationship or affiliation with such trademark owners, nor do such trademark owners confirm, endorse or approve the contents of this work. Readers, however, should contact the appropriate companies for more information regarding trademarks and any related registrations.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Application submitted

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

ISBN: 978-0-12-384919-9

Printed in the United States of America
12 13 14 15 10

For information on all MK publications visit our website at www.mkp.com

Index

Priority-based Flow Control 51–52, 53–54, 54f
Private cloud
  description of
  SAN extension for 221f
Private cloud computing 289
Private enterprises 228–229
Private VLANs 271, 272f
Probes, for health monitoring 211–213
Promiscuous ports 271
Protocol Data Units 239
Provider edge routers 88–89
Proxy initiator 263f
Public cloud

Q

QCN signaling 57f
Quality-of-service 114, 119–120, 253

R

RAID see Redundant Array of Inexpensive Disks
Raw Device Mapping 32, 34–35, 35f
Real servers 204–206
Recovery point objective 222
Recovery time objective 222
Redirect_Assign message 131
Redundancy 214
Redundancy design, in Multiprotocol Label Switching Virtual Private Network over Dynamic Multipoint Virtual Private Network 96, 97f
Redundant Array of Inexpensive Disks
Relational Database Management System 229
Remote backup 226
Remote branch offices 8, 87–88, 88f, 139, 366
Remote branch routers 94–95
Remote office virtualization designs 122–125, 123f
Remote vaulting 226, 243
Resource allocations 195
Resource pooling
Ring topologies
  Dense Wavelength Division Multiplexing 233–234, 234f
  SONET/SDH 238f
Routed mode 149f, 209–211
R_RDY 222–224, 225

S

SAN
  description of
  iSCSI 33
  virtual see Virtual SAN
SAN extension submodule 293
SAN extensions
  asynchronous replication 227–229, 228f
  case study of 339–353
  dark fiber 229–230, 230f
  data recovery metrics 222
  description of
  Fibre Channel flow control over distance 222–225, 223f
  functions of 220–221
  mirrors 226–227
  overview of 220–229
  for private cloud computing 221f
  remote backup 226
  snapshots 226–227
  synchronous replication 227–229, 227f
SAN islands
SAN submodule 293
Scalable Data Reduction 104, 106, 107f
Scale-out 278
Scale-up 278
SCSI mid-layer 32
Secondary volume 226
Security
  FCIP 254
  IP 90, 91f
  iSCSI 263–265
Server administrator 28
Server farms 204–206
Server load-balancing
  bridged mode of 78–79, 78f
  configuring of 204
  consolidation of 77f
  function of 76
  one-arm mode of 79–80, 79f
  routed mode of 78–79, 78f
  virtualization 74, 76–80
Server module 4f, 5, 14f
Server sprawl 16, 278
Server virtualization
  description of 5, 17–35, 267–268
  virtual machines see Virtual machine
Server-Provided MAC Addresses 317
Service groups 129, 133–134, 134f
Service integration 73–80
Service models 10, 11f
Service templates 288
Service-oriented infrastructure
  case study of 353–369
  cloud infrastructure as a service overly 296–297, 296f
  definition of
  description of 290
  framework of 3–4, 3f, 291f
  project initiation design 353–354
  schematic diagram of 291f
Services aggregation layer interception 189–216
  Admin context 190–196
  ARP interval 206
  bridged mode 199–208
  health monitoring with probes 211–213
  high-level design 363–366, 364f
  Integrated Routing and Bridging 203–204
  overview of 189–190
  routed mode 149f, 209–211
  service policy 207–208
  services chassis requirements 190
  User context 195–196, 197–199
Services chassis method 73–74, 74f
Six-NIC configuration 305–306, 306f
Small and Medium Enterprises
Snapshots 226–227
Solicited data transfer 259–260, 260f
SONET/SDH 236–254, 238f
Source MAC address hashing 302, 303
Source Network Address Translation 80
Source-based hashing 301, 302
Spanning Tree Protocol
  description of 31
  enhancements 40
  L2 multipathing 40
  virtual portchannel modification of 43–44, 329–330
Spoofing 225
Static mapping 262
Static pinning 324, 328f, 329f
Static target mapping 261
Storage array submodule 293
Storage module 5–6, 14f, 219, 358–359
Storage networking
Storage virtualization 35–40, 293
  asymmetric 37–40, 39f
  benefits of 36
  block aggregation 36–37
  description of 15
  functions of 35–36
  symmetric 37–40, 38f
Storage-Area Network see SAN
Stovepipe system 16–17, 16b, 17f
SVCLC VLAN-group 193
Switch forwarding 30
Switch Virtual Interfaces 81
Switched port analyzer 273
Symmetric virtualization 37–40, 38f
Synchronous Digital Hierarchy 221
Synchronous Optical Network/Synchronous Digital Hierarchy 221, 236–254
Synchronous replication 227–229, 227f, 243

T

Tape acceleration 250–252, 251f, 252f
Target multipathing 263
TCP acceleration 112–114, 113b
TCP acknowledgments 247
TCP connection splitting 113–114, 113f
TCP probe 212–213
TCP protocol 101–102
TCP retransmissions 246, 246f
TCP timeouts 246
Telecommunication Management Network 285
Templates 287, 288
10-gigabit Ethernet 6, 51–52
Thin hypervisor 268
Top-of-rack architecture design study 319–328
Top-of-the-rack topology 69
Trace-route packets 164
Traffic
  control of 115–117
  egress methods 140–141
  LAN 120
  optimized 117–122
Traffic pattern predictors 205–206
Transparency 118
Transparent Interconnection of Lots of Links 41–42
Transparent tunnels 118–119
Trunking 343–344
Trusted Execution Technology 269
Tunnel label 87
Tunneling 117, 119–120
Two-NIC configuration 301–303, 302f
2457 virtual private networks 87

U

U loop-free access topology 40–41, 41f
Unidirectional path switch ring 237
Unified Computing System 278–284
  aggregation point 279
  blade server chassis 282–283
  blade servers 284
  components of 281–284
  enabling technologies 279–281
  environments supported by 292
  fabric extenders 280f, 283
  fabric interconnect 281–282
  I/O adapters 283–284
  memory expansion 280
  resources 281
  6100 Series 281–282
  topology of 282f
  VNTag 279–280
Unified Computing System Manager 280, 355
Unified fabric design study
  description of 311–319
  Fibre Channel over Ethernet access layer 311–319
    design of 312f
    to Ethernet LAN 317–319
    to Fibre Channel SAN 313–317
Unified fabric topology
Universally Unique ID 29
Unsolicited data transfer 259–260, 260f
Uplink 28
Uplink prepinning 284f
User self-service 288–289

V

Variable optical attenuators 232
VE_Ports 239–240
VF_Ports 62–63, 65
Virtual access-layer design
  case study of 299–306
  high-level 349f, 354–355
Virtual access-layer submodule 292
Virtual appliances 115–116, 168
Virtual datastore 32–34
Virtual demilitarized zone 277
Virtual desktop infrastructure 122–123
Virtual device contexts 128, 294
Virtual disk 32, 36
Virtual E_Port 60
Virtual Ethernet 27
Virtual Ethernet Module
  description of 22, 26, 27, 300
  domain ID 30
  switch forwarding 30
  Virtual Supervisor Module and, communication between 29
Virtual F_Port 58
Virtual inter-switch link 240–241, 241f
Virtual link
  description of 61
  instantiation 63–64
  maintenance of 64–65
Virtual Local Area Networks see VLAN
Virtual machine(s) 18–19
  demilitarized zone on 268
  description of 5, 31
  interconnection of 15
  Raw Device Mapping 34–35, 35f
  structure of 5f
Virtual Machine File System 32, 34
Virtual Machine Monitor
Virtual machine sprawl 21
Virtual machine submodule 291–292
Virtual N_Port 59
Virtual Port Channels
  case study of 329–338
  components of 42–43
  configurations 330–338, 331f
  deployment of 330–331
  description of 41, 42–44
  design of 45–48
  domain 42, 329, 331–334
  domain ID 332
  Ethernet interfaces 49
  flow-based hashing 49–50
  host mode 48–50, 49f
  Hot Standby Router Protocol and 45, 47–48
  initiation 47
  MAC pinning 50–51, 51f
  member port 43, 329
  Nexus 1000V Series switch 48–51
  orphaned ports 43, 44
  peer device 329
  peer keepalive link 43, 46, 46f, 329, 333
  peer link 43, 45, 45f, 46, 329, 334–336
  peer switches 43, 45
  role priority 45
  schematic diagram of 44f
  Spanning Tree Protocol and 43–44, 329–330
Virtual private cloud 167
Virtual Private Network 85–87
Virtual Private Network route label 86
Virtual Router Redundancy Protocol 263
Virtual Routing and Forwarding
  definition of 81–82
  description of 6, 80–81
  Dynamic Multipoint Virtual Private Network per 92–93, 92f
  examples of 82f
Virtual Routing and Forwarding-aware WCCP 169–175
Virtual SAN
  configuring of 344–353
  description of 63
  in Fibre Channel 345
  inter-VSAN routing 344–353
  rewrite table 345f
Virtual SCSI host bus adapters 32
Virtual SCSI layer 32
Virtual security appliance 268
Virtual Supervisor Module
  description of 22
  domain ID 30
  high availability and 25
  vCenter Server communication 26
  Virtual Ethernet Module and, communication between 29
Virtual switch security 270–276
Virtual Switching Systems 41
Virtualization
  benefits of 36
  block-level 36–37
  data-path 83–84
  description of
  device-based 37
  firewall 75–76, 75f
  host-based 37
  network 6, 7f
  network-based 37, 39
  server
  server load-balancing 74, 76–80
  in service-oriented infrastructure 3, 3f
  storage see Storage virtualization
VLAN 270
  access 195
  configuration of 40–41
  end-to-end 80–81
  FCoE 63
  to Fibre Channel over Ethernet 317
  L2 segmentation 80
  private 271, 272f
  system 29
VLAN hashing 303
vmknic 20
VMware
  description of 18
  hardware abstraction layer 19
  software virtual switches 20
  vCenter Server 25, 28, 300–301
  Virtual Machine File System 21
  VMotion 266
VMware networking primer
  description of 19–22
  ESX server 19–20
vNetwork Distributed Switch 20, 21, 22
vNetwork Standard Switch 20, 292
vNIC 20, 21, 24
VN_Ports 62–63, 65
VNTag 279–280, 320
Volumes 35–36
VRF Select 134f, 176–177, 185–186

W

WAN
  bandwidth limitations 100, 104–107
  Internet as
  latency in 100–103
  performance challenge 100–103, 104–114
  traffic redundancy on 104–105
WAN edge/peering layer
  Not-So-VRF solution implementation at 186–189
  WCCP at 148–149, 149f
WAN module
  description of 6–7
  high-level design 366–368, 367f
  network virtualization 6, 7f
  purpose of
  schematic diagram of 14f
WAN optimization
  application acceleration 109–111, 111f, 112
  application layer speed increases through 107–112
  benefits of 104–114
  case study of 310
  in cloud 168
  data deduplication 104–107
  description of
  lossless compression 104
  network visibility 120–121
  origins of 103
  policy-based routing deployment for 161–164, 162f
  summary of 216–217
  TCP acceleration 112–114, 113b
  terminology for 119
  with Virtual Routing and Forwarding-aware WCCP 133f
WAN optimization deployment
  auto-discovery 117, 121
  in-path 115f, 116, 160–161, 161f
  logical in-path 115f, 116
  optimization software 116
  out-of-path 115f, 116–117
  physical in-path 115f, 116, 160, 161f
  requirements for 114–122, 115f
  traffic control 115–117
  tunneling 117, 119–120
  virtual appliance 115–116
  virtualized appliances 115–116
WAN optimizers 365
  addressing 119, 122
  cluster deployment 134
  deployment architectures 122–125, 123f
  egress methods 140–141
  failure detection 212
  farm deployment 134
  farm redundancy 213–216
  LAN transparency 120
  location of 127–128
  optimized traffic 117–122
  placement of 127–128
  server-side 120–121
WAN submodule 295
Wavelength-Division Multiplexing
  Coarse 221, 234–236
  Dense see Dense Wavelength Division Multiplexing
  uses of 230
WCCP 128–159
  ASR 1000 compatibility 144–145
  assignment methods 137–140, 138f
  C7600/Cat6K Sup32/720 compatibility 143–144
  configuration examples 153–159, 160–161
  control-plane messages 130–133
  at core layer 145–148, 146f, 147f
  cross-registration 150
  definitions 129
  description of 128–129
  design examples 145–153
  designated cache 129
  egress redirection 135
  GRE redirection 136
  hash assignment 137–138, 138f
  ingress redirection 135, 136
  initial handshake 132f
  interception operation 135–136, 135f
  ISR and C7200 compatibility 144
  L2 redirection 136
  mask assignment 138, 139–140, 139f
  Nexus 7000 compatibility 142–143
  packet redirection 134
  point-of-interceptions 150–151
  redirection schemes 136–137
  return schemes 140
  service groups 129, 133–134, 134f
  steady-state sequence 132f
  between two data centers 149–153, 150f, 152f, 154f
  two-way connectivity 135f, 177–179
  at WAN edge/peering layer 148–149, 149f
WCCP client
  configurations 155–157
  definition of 129
  timeout 133f
WCCP priority 129
WCCP server 129
  configurations 158–159
  platforms 142–145, 170
Wide-Area Application Services 141
Wide-Area Network see WAN
Wide-Area Networking

X

XML 289

Z

Zero-day attacks 277

... Function: The Service-Oriented Infrastructure Framework • Blocks of Function: The Cloud Modules • Cloud Computing Characteristics • Cloud Computing Taxonomy • Summary

Chapter defines the service-oriented infrastructure (SOI) framework for private cloud computing. It describes the functions of the various cloud modules that make up the SOI framework. Fundamental cloud computing characteristics and taxonomy