State-of-the-art infrastructure Igor van Haren ICT Architect igor.van.haren@vecozo.nl
Agenda: A. Application Infrastructure VECOZO; B. Process of infrastructure creation; C. Cloud computing services; D. Why change? Why now?; E. Infrastructure components; F. Automation; G. Questions
Application infrastructure components: FTP, File, Webservices, App Backend, Batch processing, SSO, VirusScan, Scheduler, CMS Frontend, CMS Backend, Web Frontend, Encryption.
[Diagram: the same component set is repeated for each of the O, T, A and P environments, and that whole group is then repeated again (labelled X, Y.).]
Process of infrastructure creation. [Diagram labels: Lines of Business; Application Development & Operations; End-User; IT Service Desk; Storage silo, Network silo, Compute silo, Microsoft silo; Storage, Network, Compute, Microsoft; Monitoring tools]
I want a pentagon? Individual Service requests
Process of infrastructure creation. [Diagram labels: DevOps teams; Lines of Business; End-User; Application Development & Operations; The rise of Developers reach; Cloud Tenant Operations; IT Service Desk; Increased alignment with the business; Ability to work technical and functional across silos; Cloud Infrastructure Operations; Monitoring tools; Physical Infrastructure]
Self-service
Cloud computing services: Software-as-a-Service. A software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.
Cloud computing services: Infrastructure-as-a-Service. A service model for delivering physical or, more often, virtual machines and other resources online that abstracts the user from details of infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc.
Cloud computing services: Platform-as-a-Service. A platform offering a development environment to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching applications.
Cloud computing services: VECOZO Platform-as-a-Service. An on-premise platform allowing DevOps teams to develop, run, and manage applications and create application infrastructures without the complexity of installing, configuring or managing any hardware or middleware.
Why change? Why now?
Infrastructure: VMware ESX EOL; Load balancers EOL; Scalability; Complexity; TCO
Security: Endpoint security; Security incident event monitoring/tracking; Internal security scanning
Availability: 7x24 high availability; Building Service Level Agreements
Compliancy: NEN 5710, ISO 27001; COBIT 4.1; Monitoring of privileged users
Personnel: Reduce workload; Be ready for the future
Process: Fully in control from start to finish; Full process monitoring
Why change? Why now?
Renewing infrastructure: New Software Defined Network (ACI); New Compute (UCS); New Storage (VNX + VPLEX); New Backup (DD + NetWorker); New Hypervisor (Hyper-V)
Updating software stack: New OS version (Windows 2012); New SQL version; New Monitoring tool (SCOM); New ticket system (SCSM); New configuration management tool (SCCM)
New process: Change and Release management; Incident management; Patch management; Service Level Management; Capacity Management; Configuration Management
Compliancy in control; Self assessment and risk analysis; Implement security information and event management (SIEM); All services 7x24
New desktop environment: New OS version (Windows 10); New Office version (Office 2016)
Upgrade development tools: New TFS (TFS2015); New Visual Studio (VS2015); New dev. framework Endeavour
Extend security: New Endpoint security (TRAPS); Renew Patch management (Nessus)
Automate everything + user self-service; UCS Director; LogRhythm; Change IT-support
Geo-redundant data center setup. Interconnect as data center partner. Two independently operating data centers. Far enough apart, yet around the corner and with minimal latency. 24x7x365 access, support and surveillance. ISO27001, ISO9001 and ISO14001 certified. Energy-efficient cooling according to the Cold Corridor principle.
Redundant Data Center Interconnect: DWDM. Geographically separated dark fibers. Different suppliers. Independently connected to our rack spaces!
Redundant power feed
Multiple Data Center Interconnect: Service A, Service C, Service B, Service D
Multi-tier storage: Flash, SAS and NL-SAS in a single pool. FAST VP for performance optimization and cost savings.
Fibre Channel storage area network (SAN): Proven technology. Reliable. Guaranteed speed. High security through separation of the network and the use of zoning.
VPLEX Metro: Delivers availability and data mobility across sites. Enables mission-critical applications to remain up and running during a variety of planned and unplanned downtime scenarios. Allows painless, nondisruptive data migrations. Enables technologies like VMware, Hyper-V and other hypervisor clusters that were built assuming a single storage instance to function across synchronous distance. Simultaneous access to storage systems at geographically separate sites. VPLEX Distributed Volumes.
Cisco Application Centric Infrastructure (ACI): Simplification of both the physical and the virtualized network. High security through micro-segmentation. Application-aware network model. Network models are rolled out within a few minutes. Open platform. The network administrator role is going to change, with scripting becoming important.
Cisco Application Centric Infrastructure (ACI). Tenants: A tenant is a logical container. Each tenant is an isolated unit from a policy perspective. Tenants represent, for example, a customer within a service provider infrastructure, or an organization or domain within an enterprise.
Cisco Application Centric Infrastructure (ACI). Tenants: Tenant: VECOZO; Tenant: VECOZO KA; Tenant: Zorgmatch; Tenant: OPT-IN; Tenant: Toekomst
Cisco Application Centric Infrastructure (ACI). Tenant: VECOZO. Contexts: A context is a network within a tenant. In the APIC GUI it is also called a private network. Each tenant can contain multiple contexts. A context is equivalent to a virtual routing and forwarding (VRF) instance in the networking world.
Cisco Application Centric Infrastructure (ACI). Tenant: VECOZO. Contexts: Context: Common; Context: Technical application management (TAB); Context: DevOps Team Blauw; Context: DevOps Team Groen; Context: ..
Cisco Application Centric Infrastructure (ACI). Context: DevOps Team Groen. Application profiles: An application profile (AP) contains the network requirements for an application. A logical container for groups of EPGs.
Cisco Application Centric Infrastructure (ACI). Tenant: VECOZO. Context: DevOps Team Groen. Application profiles: Application profile: COV Test; Application profile: COV Productie; Application profile: COV Tijdelijk tbv Incident 38890; Application profile:
Cisco Application Centric Infrastructure (ACI). Tenant: VECOZO. Context: DevOps Team Groen. Application profile: COV Productie
Compute: Server definition; Identity information; Firmware revision specifications; Connectivity definition; Service profile
Server virtualization (Hyper-V): Hyper-V Management; four Hyper-V Hosts; Hyper-V Live Migration
Large tenant cluster: Hyper-V Tenant; eight Hyper-V Hosts; Hyper-V Live Migration
Highly available SQL: SQL instance 001, SQL instance 002, SQL instance 003, SQL instance 006, SQL instance 004, SQL instance 005, SQL instance 009, SQL instance 010, SQL instance 007, SQL instance 011
Backup (EMC NetWorker 9 & Data Domain): Single pane of glass, all backup information in one overview. Policy- and workflow-based backup. Security and auditing. Active-active. Backup to disk.
UCS Director Managed by Cisco UCS Director
UCS Director Self-service Portal
UCS Director workflows
UCS Director workflows
1. Initiated by user
2. Create three tier component names
3. Create Tenant Application Profile
4. Create Active Directory structure
5. Create Web Tier EPG
6. Create App Tier EPG
7. Create DB Tier EPG
8. Add load balancer to Web tier
9. Add provided contracts to Web tier
10. Add consumed contracts to Web tier
11. Add load balancer to App tier
12. Add provided contracts to App tier
13. Add consumed contracts to App tier
14. Add provided contracts to DB tier
15. Create Web tier VMs
16. Create App tier VMs
17. Create DB SQL instance
18. Complete
[Diagram labels: COMMON (INFRA) EPGs: Traps, Kaspersky, Nessus, Siem, ACS, System Center, SCOM, SCCM, Active Directory. Application profile: Demo, containing Web Tier EPG, Application Tier EPG and Database Tier EPG with C markers between them; SQL instance X]
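The contract steps of this workflow (9, 10, 12, 13 and 14) determine which tiers can reach each other, so the resulting policy is worth checking before deployment. The following is an added example, not part of the original slides or VECOZO's workflow: it builds the tenant / application profile / EPG tree in the JSON shape of the ACI object model (fvTenant, fvAp, fvAEPg, fvRsProv, fvRsCons) and derives the permitted flows from it. The tenant name and the contract names are constructed assumptions, and it assumes contract enforcement is active for the context.

```python
import json

# Constructed sample: the slides do not name the contracts; these are assumptions.
TIERS = {
    "Web-Tier": {"provides": ["web-https"], "consumes": ["app-api"]},
    "App-Tier": {"provides": ["app-api"], "consumes": ["db-sql"]},
    "DB-Tier": {"provides": ["db-sql"], "consumes": []},
}

def epg(name, provides, consumes):
    """One EPG (fvAEPg) with provided (fvRsProv) and consumed (fvRsCons) contracts."""
    rels = [{"fvRsProv": {"attributes": {"tnVzBrCPName": c}}} for c in provides]
    rels += [{"fvRsCons": {"attributes": {"tnVzBrCPName": c}}} for c in consumes]
    return {"fvAEPg": {"attributes": {"name": name}, "children": rels}}

def build_tenant(tenant, profile, tiers):
    """Tenant -> application profile -> EPGs, as one nested JSON-ready dict."""
    epgs = [epg(n, t["provides"], t["consumes"]) for n, t in tiers.items()]
    ap = {"fvAp": {"attributes": {"name": profile}, "children": epgs}}
    return {"fvTenant": {"attributes": {"name": tenant}, "children": [ap]}}

def contract_tables(payload):
    """Map contract name -> set of EPG names, for providers and for consumers."""
    prov, cons = {}, {}
    for ap in payload["fvTenant"]["children"]:
        for e in ap["fvAp"]["children"]:
            name = e["fvAEPg"]["attributes"]["name"]
            for rel in e["fvAEPg"].get("children", []):
                for kind, table in (("fvRsProv", prov), ("fvRsCons", cons)):
                    if kind in rel:
                        contract = rel[kind]["attributes"]["tnVzBrCPName"]
                        table.setdefault(contract, set()).add(name)
    return prov, cons

def allowed_flows(payload):
    """(consumer EPG, provider EPG, contract) triples implied by the contracts."""
    prov, cons = contract_tables(payload)
    return sorted((c, p, k) for k in cons for c in cons[k] for p in prov.get(k, ()))

def dangling_contracts(payload):
    """Contracts consumed by an EPG but provided by none (a broken dependency)."""
    prov, cons = contract_tables(payload)
    return sorted(set(cons) - set(prov))

if __name__ == "__main__":
    demo = build_tenant("ExampleTenant", "Demo", TIERS)
    print(json.dumps(demo, indent=2))
    for consumer, provider, contract in allowed_flows(demo):
        print(f"{consumer} -> {provider} via {contract}")
```

A review gate can fail the workflow run if `allowed_flows` contains a pair that skips a tier (for example Web-Tier to DB-Tier) or if `dangling_contracts` is non-empty.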
THE END Any Questions???