WHITE PAPER

Brocade ADX Multitenancy: Combining the Flexibility of Virtualization with the Performance of Purpose-Built Hardware

The Brocade ServerIron ADX hardware-based virtualization architecture delivers the benefits of specialized hardware to enable reliable performance and full isolation for service-driven networks in a shared service environment.

Table of Contents

Combining the Best of Both Worlds
The Virtualized Application Delivery Switch Solution
  Consolidation
  Isolation
  Flexibility
  Simplicity
Conclusion
About Brocade

Service providers and service-oriented IT organizations need to be able to fully virtualize their offerings to simplify the provisioning of new services, while minimizing management overhead and reducing the cost of their infrastructure. This infrastructure must deliver the same guaranteed performance and resource isolation as a dedicated, purpose-built environment. The Brocade ServerIron ADX hardware-based virtualization architecture delivers the benefits of specialized hardware to enable reliable performance and full isolation for service-driven networks in a shared service environment.

Introduction

The emergence of cloud computing technologies has transformed the way service provider and enterprise organizations design and operate their data centers. More than ever, these organizations need to extend the cost benefits of server virtualization into the application delivery infrastructure, emphasizing return on investment and increasing operational efficiency and agility. Organizations need to:

Minimize cost: Reduce the cost of delivering service to their customers by making more efficient use of their physical and virtual infrastructure to align operational expenditures with infrastructure utilization.

Maximize growth: Quickly roll out scalable differentiated services on demand, to open new revenue streams and increase average revenue per user by rapidly adapting to changes in the market.

For private cloud and hosting providers, this means having a cost-effective, reliable, and adaptable network that can quickly facilitate the roll out of new services. The underlying infrastructure must be able to consolidate network resources into shared, reusable assets that are decoupled from the applications and services they support.

In a shared service environment, server virtualization has enabled service providers to transform their infrastructure to support a diverse set of new service models.
However, the advent of virtualization has not yet yielded the same outcome for the application delivery infrastructure layer. While the multitenant Application Delivery Controller (ADC) solutions have provided sustainable performance, they fall short in flexibility for resource management and guaranteed resource isolation for tenants. What is truly needed in the multitenant environment is a solution that can combine the benefits of dedicated hardware, the flexibility of virtualization, and the cost savings of consolidation.

Combining the Best of Both Worlds

The hardware-based virtualization architecture on the Brocade ADX Series offers cloud/hosting providers the best of both worlds: the deployment flexibility of a virtualized platform and reliable performance combined with the full suite of Brocade ADX features guaranteed for every tenant. Figure 1 shows the consolidation of fixed-form ADCs into one modular chassis system through the Brocade ADX multitenancy. Unlike traditional multitenant architectures that partition at the application layer, the Brocade ADX virtualizes independent ADX instances that are tied to dedicated hardware processors and isolate each tenant as a distinctly separate environment. This ensures that tenants continue to get the advantage of optimized hardware for key services such as 2048-bit Secure Sockets Layer (SSL) acceleration, Distributed Denial of Service (DDoS) attack protection, and the advanced programmability of the Brocade application scripting engine.

Figure 1: Brocade ADX consolidation with multitenancy.

The Virtualized Application Delivery Switch Solution

A single Brocade ADX switch can easily adapt to the consolidation, isolation, and changing resource allocation or service-level requirements of hosted cloud service networks. In addition to providing high-performance traffic management for dedicated services, the Brocade ADX delivers a hardware-based multitenant solution that enables multiple virtual ADX instances on a single platform. This provides maximum flexibility while reducing both total cost of ownership and the complexity of license management, system maintenance, and device administration. The same Brocade ADX functionality is available for all deployment models, dedicated or virtualized, so Brocade customers can easily adapt to the model and feature mix that best aligns with the needs of their business while effectively meeting performance and availability Service-Level Agreements (SLAs).
The Brocade ADX hardware-based multitenancy solution offers four key benefits for cloud service delivery, which are shown in Figure 2.

Figure 2: Hardware-based multitenancy benefits.

Consolidation

Multitenancy consolidates up to 32 Brocade ADX instances on a single redundant platform, providing maximum infrastructure efficiency while reducing the costs associated with power and cooling, rack space, license management, system maintenance, and administration. Tenants also can access advanced features such as 2048-bit SSL acceleration without compromising performance or reliability.

Figure 3: Mixed customer consolidation.

Figure 3 shows a consolidation example for a hosting provider serving mixed customers. The hosting provider is able to consolidate multiple single ADCs into one Brocade ADX 10000, while maintaining mixed customer demands with various levels of services and capacity. Each Brocade ADX tenant can be deployed as a high-availability pair in either an active/standby or active/active configuration to ensure that applications and services are always available.

Isolation

When deployed as a shared device, the Brocade ADX Series allows multiple, fully isolated Brocade ADX instances to run on a single physical system, each with its own hardware and software resources as shown in Figure 4. This hardware-based virtualization of the Brocade ADX system helps to ensure security, compliance mandates, and adherence to service SLAs. A custom-built hypervisor virtualizes the Brocade ADX into separate, dedicated management processor instances and application processors for each tenant. In contrast to virtualization architectures that share software or hardware components, such as the IP stack, the Brocade ADX multitenancy hypervisor provides true isolation of all tenant resources to ensure maximum reliability and performance.

Figure 4: Brocade ADX virtualization architecture provides isolation and dedicated resources.

Hardware-based hypervisor isolation with dedicated resources provides several benefits to service providers:

Fault isolation: Failure of one tenant does not impact other tenants in production, and individual tenant processes can be restarted without affecting other tenants.

Network isolation: Complete application processor isolation, Layer 2 to Layer 7 traffic isolation, and IP stack isolation allow overlapping IP addresses and subnets across tenants.

Management isolation: Flexible and independent configuration, monitoring, and troubleshooting per tenant, with individual high-availability synchronization capabilities, are provided.

Resource isolation: This offers feature parity with complete independence and control per tenant.

Flexibility

The Brocade multitenancy feature provides the ultimate in flexibility, enabling service providers to mix and match capacity, features, and services according to changes in customer requirements. On-demand resource provisioning allows allocation of any available application processors to a tenant to meet capacity requirements. Full feature parity across tenants, based on the hardware isolation architecture, provides the ability to mix and match tenants and enable basic or advanced features in any combination on the same module, with no additional hardware or licensing costs. This allows specialized application scripting features such as the OpenScript Engine to be enabled on a per-tenant basis, without any impact on the other tenants that are configured within the same Brocade ADX device. This granular level of flexibility and tenant control allows the most efficient allocation of hardware resources, application delivery features, and delivery of critical services.

Figure 5: Tenant application processor allocation flexibility.

The flexibility to provision tenant capacity is shown in Figure 5. Tenant 1 keeps the same capacity, while the capacity for Tenant 2 is tripled, and the capacity of Tenant 3 is reduced by half. Tenant capacity allocation can be provisioned in any order, whenever there is available resource or capacity. Tenant capacity allocation allows maximum flexibility and increases the operational efficiency that is required in a multitenancy cloud hosting environment.

Simplicity

The Brocade ADX Series simplifies the provisioning process and network management by offering individual (tenant) resource management and global system/device level management in a multitenant environment. Tenant level control includes dynamic software and hardware resource provisioning, management, and monitoring of one or many ADX instances via a common control plane, in support of true cloud service delivery. Each individual tenant can utilize any of the system's Command-Line Interface (CLI), Graphical User Interface (GUI), or Extensible Markup Language Application Programming Interfaces (XML APIs) to control its own resource management. To provide the most comprehensive management and troubleshooting information, global control of system and network information can also be accessed to provide an aggregate or global view of the overall network infrastructure.

Conclusion

Service providers and service-oriented IT organizations need to be able to fully virtualize their offerings to simplify the provisioning of new services, while minimizing management overhead and reducing the cost of their infrastructure. This infrastructure must deliver the same guaranteed performance and resource isolation as a dedicated, purpose-built environment. Brocade offers a comprehensive portfolio of virtualized application delivery solutions that provide the flexibility and isolation to meet the demands of cloud application delivery networks.
A single virtualized multitenant platform enables the consolidation of the application delivery infrastructure that must be deployed on a per-customer basis. This allows much more efficient use of valuable data center resources such as space, power, and cooling while providing simplified management, which results in an overall lower Total Cost of Ownership (TCO). Full resource isolation of virtual tenants ensures security, compliance mandates, and adherence to service SLAs through hardware-based traffic separation and independent configuration management. Flexible allocation of hardware resources for each virtual tenant allows differentiated levels of service offerings and capacity while reducing the overall Capital Expenditure (CapEx) and Operating Expenditure (OpEx) per customer. And finally, global and local control of device and tenant resources simplifies the management and provisioning of the multitenant environment.

About Brocade

Brocade networking solutions help the world's leading organizations transition smoothly to a world where applications and information reside anywhere. This vision is realized through the Brocade One strategy, which is designed to deliver key business benefits such as unmatched simplicity, non-stop networking, application optimization, and investment protection. Innovative Ethernet and storage networking solutions for data center, campus, and service provider networks help reduce complexity and cost while enabling virtualization and cloud computing to increase business agility. To help ensure a complete solution, Brocade partners with world-class IT companies and provides comprehensive education, support, and professional services offerings. To learn more visit www.brocade.com

Corporate Headquarters: San Jose, CA USA, T: +1-408-333-8000, info@brocade.com
European Headquarters: Geneva, Switzerland, T: +41-22-799-56-40, emea-info@brocade.com
Asia Pacific Headquarters: Singapore, T: +65-6538-4700, apac-info@brocade.com

© 2015 Brocade Communications Systems, Inc. All Rights Reserved. 05/15 GA-WP-1705-01

ADX, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, The Effortless Network, VCS, VDX, Vplane, and Vyatta are registered trademarks, and Fabric Vision and vadx are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment features, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This information document describes features that may not be currently available.
Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.