www.ens-inc.com
Next-Gen Securitized Network
Virtualization
Effective DR and Business Continuity Strategies
Simplify when the lights go out…
Your premier California state government technology provider.
California Certified Small Business • IT Consulting Master Services Agreement • E-Rate for Schools & Libraries
1. High-level goal of the DR/BCP plan from senior management
2. Build definition of Recovery Point Objectives and Recovery Time Objectives
3. Build recovery scenario as part of the DR/BCP plan
4. Assess current state of hardware:
• Storage solutions
• Compute solution
• Network
• User connectivity (how do they access the new recovery facility)
• WAN (optical transport to recovery facility)
• Internet connectivity (IP address mobility via BGP)
[Diagram: data centers DCA through DCG and a Downtown Core, interconnected by partner fiber and owned fiber, with Internet connections]
What Problems Are We Solving?
[Diagram: virtual and physical ESX instances, converged fabric, cloud management and storage pods across Facility A, Facility B and Facility C, joined by redundant DWDM 10G rings and a stretched Layer 2 VLAN]
Virtual Datacenter
[Diagram: Dedicated Security Appliance (router & firewall, IPsec & SSL VPN, mail security, web filtering, DoS protection); VDI & session desktop controllers and VMs (Citrix XenApp/Desktop, VMware View/Horizon, Microsoft RDS/RemoteFX); Windows and Linux server VMs (web servers, Oracle databases, custom applications, Active Directory, Exchange servers, SQL Server / BI tools, SharePoint); secure vCenter access, monitoring, backup & DR; private VLANs, public IP network & Metro Ethernet; VSA / replication instance]
• A full DC as a service
• Advanced security
• Flexible management
• Backup & DR between mirrored DCs
• Deployed today with:
  • eCommerce
  • Educational orgs
  • Healthcare providers
  • Machine to machine
The Benefits of Virtualization
Server Virtualization
Allows multiple independent virtual servers to run on a single physical server
Network Virtualization
Decouples the physical infrastructure from the connectivity services, making the network adaptive and dynamic with simple one-touch provisioning
Network Virtualization enabled via Shortest Path Bridging
[Diagram: compute access, data center core, campus core, distribution layer, access layer]
What Problems Are We Solving?
Need to simplify the network
Provision at the “edge”
One Configuration Command
Seamless Network Extension
Time to Service
Network Visibility
Simplified Troubleshooting
Multi-pathing – symmetric flows
On-going Operations
DR/BC Cloud
What Problems Are We Solving?
Need to improve efficiency and flexibility
Using All Paths and Bandwidth
Fast Convergence
MAC Explosion
Simplified Change Control
Efficiency
Physical Topology Independent
Service Virtualization L2/L3
Networks Where Needed
Small to Large Networks
Flexibility
What Problems Are We Solving?
Synergy Between Server Virtualization and the Network
Transparent Network Services
Removing Boundaries
Simplified Infrastructure
Reduce Human Error Factor
VM Mobility
Network virtualization simplifies VM mobility, and network management completes the solution
Private Cloud Virtual Service Network
Shortest Path Bridging – L2 Service VSN
A VLAN provisioned at the edge of the fabric is mapped into the Virtual Service Network using the Service Identifier (I-SID)
IS-IS advertises all new services and communities of interest (I-SID information) to the network, and the Forwarding Data Base is updated with I-SID service-specific entries
[Diagram: IS-IS fabric under unified management; "Assign VLAN20 I-SID 100" at the edge; VLAN 20 on both sides joined by Virtual Service Network I-SID 100]
Shortest Path Bridging – L3 Service VSN
A Virtual Routing instance (VRF) provisioned at the edge of the fabric is mapped into the Virtual Service Network using the Service Identifier (I-SID)
IS-IS advertises all new services and communities of interest (I-SID information) to the network, as well as the VRF IP routes, which are only accepted and installed on other nodes in the same I-SID
[Diagram: IS-IS fabric under unified management; "Assign VRF-2 IPVPN I-SID 200" at the edge; VRF2 instances with VLAN / IP net1 through net4 joined by Virtual Service Network I-SID 200]
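An added example (not from the original deck, and not vendor code): a small Python model of the L3 VSN rule above, where IS-IS floods every advertisement but a node installs a route only into a VRF bound to the same I-SID, followed by a check of I-SID membership against an approved list. Node names, VRF names, prefixes and the INTENDED record are constructed assumptions, and the model ignores SPB path computation.

```python
from collections import defaultdict

# Constructed edge provisioning: node -> {VRF name: (I-SID, local prefixes)}.
# Node names, VRF names and prefixes are illustrative; I-SID 200 matches the slide.
EDGE_VRFS = {
    "edge-a": {"VRF2": (200, ["10.2.201.0/24"])},
    "edge-b": {"VRF2": (200, ["10.2.202.0/24"]), "VRF3": (300, ["10.3.1.0/24"])},
    "edge-c": {"VRF3": (300, ["10.3.2.0/24"])},
    "edge-d": {"VRF9": (200, ["192.0.2.0/24"])},   # mis-keyed I-SID (meant 900)
    "core-1": {},                                  # transit only, no services
}

def flood(edge_vrfs):
    """IS-IS floods every (I-SID, origin, prefix) advertisement to all nodes."""
    return [(isid, node, pfx)
            for node, vrfs in edge_vrfs.items()
            for isid, prefixes in vrfs.values()
            for pfx in prefixes]

def install(edge_vrfs, lsdb):
    """Each node installs a route only into a local VRF bound to the same I-SID."""
    tables = defaultdict(dict)
    for node, vrfs in edge_vrfs.items():
        for vrf, (isid, _) in vrfs.items():
            tables[node][vrf] = sorted(
                pfx for adv_isid, origin, pfx in lsdb
                if adv_isid == isid and origin != node)
    return dict(tables)

def membership_drift(edge_vrfs, intended):
    """Report nodes that joined an I-SID they are not approved for."""
    actual = defaultdict(set)
    for node, vrfs in edge_vrfs.items():
        for isid, _ in vrfs.values():
            actual[isid].add(node)
    return {isid: sorted(nodes - intended.get(isid, set()))
            for isid, nodes in actual.items()
            if nodes - intended.get(isid, set())}

# Constructed change-control record of which edges may join each service.
INTENDED = {200: {"edge-a", "edge-b"}, 300: {"edge-b", "edge-c"}}

if __name__ == "__main__":
    routes = install(EDGE_VRFS, flood(EDGE_VRFS))
    for node, vrfs in routes.items():
        print(node, vrfs)
    print("drift:", membership_drift(EDGE_VRFS, INTENDED))
```

Because a single edge command joins a node to a service, the mis-keyed I-SID on edge-d is enough to put another tenant's routes into its VRF; comparing actual membership with the approved list catches it.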
Traditional Protocol Stack vs. SPB's simplicity
[Diagram: Traditional stack: top-down vertical dependency across separate protocol infrastructures (e.g. 802.1Q/D for STP/VLAN, an IGP such as IS-IS or OSPF, RIP/OSPF, PIM, RFC 4364, Draft Rosen, VPLS, MPLS layers, TRILL / FabricPath, OTV) above the physical infrastructure. SPB: Layer 2 virtualized, Layer 3 unicast and multicast, and Layer 3 virtualized unicast and multicast services, horizontally independent over one IP/SPB, SPBm protocol infrastructure on the Ethernet physical infrastructure. Connectivity services independent from infrastructure.]
[Diagram: "Virtualized Services Infrastructure" test topology with two testers and nodes 8600C, 8600D and 8600G, showing GRT IP shortcuts, L2VSNs, inter-VSN routing, L3VSNs, BGP IPVPN-Lite over SPB, and a combined L2VSN + L3VSN, each labelled with its I-SID, VLANs and subnets]
High Availability & High Performance Storage
• Detects failures and automatically relocates virtual machines
• Active / Active redundant storage with hitless switchover
• Advanced SSD caching delivers high performance at reasonable cost
• Fully redundant network and power infrastructure
• Failover to Second DR site
[Diagram: three levels (Level 1, Level 2, Level 3): redundant 10G / 40G network, active / active HA storage, real-time replication]
• Backup & DR Service Portal
• End user control over backup & DR test processes
• Enables a new class of self provisioned DR services
• Traditional File level Backup of machines replicated to a recovery facility.
[Diagram: protected site and replication site connected over the WAN; each site has a vCenter Server with Virtual Manager and ESX/ESXi hosts running VMs with VDisks and Virtual Replication Appliances; a journal is kept at the replication site]
Replicate from anything to anything
Save cost and reuse HW
Highly Scalable
Software only, hypervisor based, scale-out architecture
RPO = Seconds, No App Performance Impact
Near-sync, continuous replication
Bandwidth Optimization, WAN Resiliency
Built-in WAN compression & throttling
Point-in-Time Recovery - Recover from Logical Failures
Journal based any point in time recovery - No snapshots
Application Protection: Virtual Protection VPG
Complete application protection and recovery
• VM & VMDK level consistency groups
• Protect across server and storage locations
• Fully support VMotion, Storage VMotion, HA, vApp
• Journal-based point-in-time protection
• Group policy and configuration
• VSS Support
[Diagram: protected site and replication site, each with vCenter Server, Virtual Manager and ESX/ESXi hosts with VRAs; application VMs (App, Web, DB, LDAP) and their VMDKs grouped for virtual protection; example applications: SharePoint, CRM, ERP, Exchange etc.]
How Does BC/DR Work?
[Diagram: protected site and replication site connected over the WAN; each site has a vCenter Server with Virtual Manager and ESX/ESXi hosts running VMs with VDisks and a VRA; a journal is kept at the replication site]
100% Virtual Aware Protection
Virtual machines, virtual disks, virtual networks
RTO = Minutes!
Fully automated failover and failback of multiple VMs, including boot order, IP reconfiguration, test networks and more
Click-to-Test, Anytime
Immediate, automated failover testing while protecting production, also to a previous point in time
Offsite Cloning
Clone entire app offsite for test & dev or backup