Next-Gen Securitized Network Virtualization
Effective DR and Business Continuity Strategies
Simplify when the lights go out
www.ens-inc.com

Your premier California state government technology provider.
- California Certified Small Business
- IT Consulting Master Services Agreement
- E-Rate For Schools & Libraries
- Spring Fed Pool

Abstract from ENS-Inc DR/BC Workshop
1. High-level goal of the DR/BCP plan from senior management
2. Build definition of Recovery Point Objectives and Recovery Time Objectives
3. Build recovery scenario as part of the DR/BCP plan
4. Assess current state of hardware:
   - Storage solutions
   - Compute solution
   - Network
   - User connectivity (how do they access the new recovery facility)
   - WAN (optical transport to recovery facility)
   - Internet connectivity (IP address mobility via BGP)

What Problems Are We Solving? Regional Digital Real Estate
[Diagram: data centers DCA, DCB, DCC, DCD, DCE, DCF and DCG and a Downtown Core, linked by owned fiber and partner fiber, with Internet connections]

What Problems Are We Solving? Stretch Layer 2 VLAN
[Diagram: AxisFlow Data Center; Facility A, Facility B and Facility C joined by a 10G inter-connect over redundant DWDM 10G rings; each facility shows virtual & physical ESX instances, storage pods and a converged fabric; Cloud Management]

What Problems Are We Solving? Secure Connectivity

What Problems Are We Solving? Building Agile CWDM, DWDM Infrastructure

Virtual Datacenter
- A full DC as a service
- Advanced security
- Flexible management
- Backup & DR between mirrored DCs
Deployed today with:
- eCommerce
- Educational orgs
- Healthcare providers
- Machine to machine
[Diagram labels: Public IP Network & Metro Ethernet; Dedicated Security Appliance (Router & Firewall, IPsec & SSL VPN, Mail Security, Web Filtering, DoS Protection); Secure vCenter Access; Monitoring; Backup & DR; Private VLANs; VDI & Session Desktop Controllers (Citrix XenApp/Desktop, VMware View/Horizon, Microsoft RDS/RemoteFX); Windows Servers (Active Directory, Exchange Servers, SQL Server / BI Tools, SharePoint); SQL VSA / Replication Instance; VDI / XenApp Virtual Machines; Session Desktops; Linux Servers (Web Servers, Oracle Databases, Custom Applications)]

The Benefits of Virtualization
- Server Virtualization: allows multiple independent virtual servers to exist on one physical server.
- Network Virtualization: decouples the physical infrastructure from the connectivity services, making the network adaptive and dynamic with simple one-touch provisioning.
- Network Virtualization is enabled via Shortest Path Bridging.
[Diagram labels: Compute Access, Data Center Core, Campus Core, Distribution Layer, Access Layer]

What Problems Are We Solving? Need to simplify the network
Time to Service
- Provision at the edge
- One configuration command
- Seamless network extension
On-going Operations
- Network visibility
- Simplified troubleshooting
- Multi-pathing, symmetric flows
[Diagram labels: DR/BC Cloud, Virtual Service Network]

What Problems Are We Solving? Need to improve efficiency and flexibility
Efficiency
- Using all paths and bandwidth
- Fast convergence
- MAC explosion
- Simplified change control
Flexibility
- Physical topology independent
- Service virtualization
- L2/L3 networks where needed
- Small to large networks
[Diagram label: Private Cloud]

What Problems Are We Solving? Synergy Between Server Virtualization and the Network
- Mobility
- Transparent network services
- Removing boundaries
- Simplified infrastructure
- Reduce human error factor
Network virtualization simplifies mobility, and network management completes the solution.
[Diagram labels: Virtual Service Network, Private Cloud]

What Problems Are We Solving? Shortest Path Bridging: L2 Service VSN
- A VLAN provisioned at the edge of the fabric is mapped into the Virtual Service Network using the Service Identifier (I-SID).
- IS-IS advertises all new services and communities of interest (I-SID information) to the network, and the Forwarding Database is updated with I-SID service-specific entries.
[Diagram: Unified Management; "Assign VLAN20 I-SID 100"; VLAN 20 at two fabric edges joined by Virtual Service Network I-SID 100]

What Problems Are We Solving? Shortest Path Bridging: L3 Service VSN
- A Virtual Routing instance (VRF) provisioned at the edge of the fabric is mapped into the Virtual Service Network using the Service Identifier (I-SID).
- IS-IS advertises all new services and communities of interest (I-SID information) to the network, as well as the VRF IP routes, which are only accepted and installed on other nodes in the same I-SID.
[Diagram: Unified Management; "Assign VRF-2 IPVPN I-SID 200"; VRF2 with VLAN / IP net1 and net2 at one edge and VRF2 with VLAN / IP net3 and net4 at the other, joined by Virtual Service Network I-SID 200]

SPB vs TRILL / FabricPath / Traditional + MPLS
[Figure: protocol-stack comparison. Traditional protocol stack, with top-down vertical dependency: Ethernet physical infrastructure; 802.1D/Q (STP/VLAN); Layer 3 unicast service (e.g. RIP/OSPF protocol infrastructure); Layer 3 multicast service (e.g. PIM protocol infrastructure); MPLS layers carrying Layer 2 virtualized service (e.g. VPLS), Layer 3 virtualized unicast service (e.g. RFC 4364) and Layer 3 virtualized multicast service (e.g. Draft Rosen); OTV. TRILL / FabricPath: Layer 2 virtualized service with Layer 3 unicast and multicast services over an IGP (IS-IS or OSPF). SPB's simplicity: connectivity services independent from infrastructure and horizontally independent (Layer 2 virtualized service, Layer 3 virtualized unicast service, Layer 3 virtualized multicast service) over an IP/SPB, SPBm/SPBm protocol infrastructure on Ethernet physical infrastructure.]

Virtualized Services Infrastructure: Summary of SPB Unicast Services
[Diagram: nodes 8600C, 8600G and 8600D with testers attached; services shown, in the order they appear:]
- GRT IP Shortcuts: vlan 13 10.0.13.0/24; vlan 14 10.0.14.0/24
- L2VSN: vlan 10, I-SID 20010, vlan 10
- L2VSN: vlan 9, I-SID 20009, vlan 19
- Inter-VSN: vlan 11 10.100.11.0/24, I-SID 20011, vlan 11; vlan 12, I-SID 20012, vlan 12 10.100.12.0/24
- L3VSN: vlan 101 10.1.101.0/24, I-SID 30001, vlan 102 10.1.102.0/24
- L3VSN: vlan 201 10.2.201.0/24, I-SID 30002, vlan 202 10.2.202.0/24
- L2VSN + L3VSN: vlan 51 10.5.51.0/24, I-SID 20015, vlan 51; I-SID 30005, vlan 52 10.5.52.0/24
- IPVPN-Lite over SPB: vlan 401 10.4.41.0/24, BGP IPVPN-Lite, vlan 402 10.4.42.0/24

High Availability & High Performance Storage
- Detects failures and automatically relocates virtual machines
- Active / Active redundant storage with hitless switchover
- Advanced SSD caching delivers high performance at reasonable cost
- Fully redundant network and power infrastructure
- Failover to second DR site
[Diagram labels: Redundant 10G / 40G Network; Active / Active HA Storage; Real-Time Replication]

Backup & Disaster Recovery Services
Backup & DR Service Portal (Level 3)
- End user control over backup & DR test processes
- Enables a new class of self-provisioned DR services
Traditional file-level backup of machines replicated to a recovery facility.
[Diagram labels: Level 2, Level 1]

Virtualized Replication Appliance
[Diagram: a protected site and a replication site, each with a vCenter Server, a Virtual Manager and ESX/ESXi hosts running a Virtual Replication Appliance; the sites are linked over "WAN /"; a Journal is shown at the replication site]

How BC/DR Works
- Replicate from anything to anything: save cost and reuse HW
- Highly scalable: software only, hypervisor based, scale-out architecture
- RPO = seconds, no app performance impact: near-sync, continuous replication
- Bandwidth optimization, WAN resiliency: built-in WAN compression & throttling
- Point-in-time recovery, recover from logical failures: journal-based any-point-in-time recovery, no snapshots
[Diagram: protected site and replication site, each with a vCenter Server, a Virtual Manager and ESX/ESXi hosts running a Virtual Replication Appliance, linked over "WAN /", with a Journal at the replication site]

Application Protection: Virtual Protection Group (VPG)
- Complete application protection and recovery; VM & VMDK level consistency groups
- Protect across server and storage locations
- Fully supports vMotion, Storage vMotion, HA, vApp
- Journal-based point-in-time protection
- Group policy and configuration
- VSS support
[Diagram: at the protected site, an application (SharePoint, CRM, ERP, Exchange etc.) made up of Web, App, DB and LDAP virtual machines and their VMDKs, spread across ESX/ESXi hosts with VRAs under a vCenter Server and Virtual Manager, is grouped into one Virtual Protection Group; the matching VMDKs are shown at the replication site]

How Does BC/DR Work?
- 100% virtual aware: protection of virtual machines, virtual disks, virtual networks
- RTO = minutes! Fully automated failover and failback of multiple VMs, including boot order, IP reconfiguration, test networks and more
- Click-to-test, anytime: immediate, automated failover testing while protecting production, also to a previous point in time
- Offsite cloning: clone an entire app offsite for test & dev or backup
[Diagram: protected site and replication site, each with a vCenter Server, a Virtual Manager and ESX/ESXi hosts running a VRA, linked over "WAN /", with a Journal at the replication site]