Next-Gen Securitized Network Virtualization


Academic year: 2021


(1)

www.ens-inc.com

Next-Gen Securitized Network Virtualization

Effective DR and Business Continuity Strategies

Simplify when the lights go out…

(2)

Your premier California state government technology provider.

• California Certified Small Business
• IT Consulting Master Services Agreement
• E-Rate for Schools & Libraries

(3)

1. High-level goal of the DR/BCP plan from senior management

2. Build definitions of Recovery Point Objectives and Recovery Time Objectives

3. Build recovery scenario as part of the DR/BCP plan

4. Assess current state of hardware:

   • Storage solutions
   • Compute solution
   • Network
   • User connectivity (how do they access the new recovery facility)
   • WAN (optical transport to recovery facility)
   • Internet connectivity (IP address mobility via BGP)

(4)

[Diagram labels: DCA, DCB, DCC, DCD, DCE, DCF, DCG; Downtown Core; Partner Fiber; Owned Fiber; Internet]

What Problems Are We Solving?

(5)

[Diagram labels: Virtual & Physical ESX Instances; Converged Fabric; Cloud Management; Storage Pods; Facility A, Facility B, Facility C; Redundant DWDM 10G Rings]

What Problems Are We Solving?

Stretch Layer 2 Vlan

(6)

What Problems Are We Solving?

(7)

What Problems Are We Solving?

(8)

Virtual Datacenter

Dedicated Security Appliance

[Diagram labels: Router & Firewall; IPsec & SSL VPN; Mail Security; Web Filtering; DOS Protection; VDI & Session Desktop Controllers; VDI / Xenapp Virtual Machines; VDI / Session Desktop VMs; Citrix Xenapp/Desktop; VMware View/Horizon; Microsoft RDS/RemoteFX; Windows Servers; Windows Server VMs; Linux Servers; Linux Server VMs; Web Servers; Oracle Databases; Custom Applications; Active Directory; Exchange Servers; SQL Server / BI Tools; SharePoint SQL; Secure vCenter Access; Monitoring; Backup & DR; Private VLANs; Public IP Network & Metro Ethernet; VSA / Replication Instance]

• A full DC as a service
• Advanced security
• Flexible management
• Backup & DR between mirrored DCs
• Deployed today with:
   • eCommerce
   • Educational Orgs
   • Healthcare Providers
   • Machine to Machine

(9)

The Benefits of Virtualization

Server Virtualization

Allows aggregation of multiple independent virtual servers to exist on a physical server

Network Virtualization

Decouples the physical infrastructure from the connectivity services, making the network adaptive and dynamic with simple one-touch provisioning

Network Virtualization enabled via Shortest Path Bridging

[Diagram labels: Compute Access; Data Center Core; Campus Core; Distribution Layer; Access Layer]

(10)

What Problems Are We Solving?

Need to simplify the network

• Provision at the “edge”
• One Configuration Command
• Seamless Network Extension

Time to Service

• Network Visibility
• Simplified Troubleshooting
• Multi-pathing – symmetric flows

On-going Operations

DR/BC Cloud

(11)

What Problems Are We Solving?

Need to improve efficiency and flexibility

• Using All Paths and Bandwidth
• Fast Convergence
• MAC Explosion
• Simplified Change Control

Efficiency

• Physical Topology Independent
• Service Virtualization L2/L3
• Networks Where Needed
• Small to Large Networks

Flexibility

(12)

What Problems Are We Solving?

Synergy Between Server Virtualization and the Network

• Transparent Network Services
• Removing Boundaries
• Simplified Infrastructure
• Reduce Human Error Factor

VM Mobility

Network virtualization simplifies VM mobility, and network management completes the solution

Private Cloud Virtual Service Network

(13)

Shortest Path Bridging – L2 Service VSN

A VLAN provisioned at the edge of the fabric is mapped into the Virtual Service Network using the Service Identifier (I-SID).

IS-IS advertises all new services and communities of interest (I-SID information) to the network, and the Forwarding Data Base is updated with I-SID service-specific entries.

[Diagram labels: IS-IS between fabric nodes; Unified Management; Assign VLAN 20 → I-SID 100; Vlan 20 at each edge; Virtual Service Network I-SID 100]

(14)

Shortest Path Bridging – L3 Service VSN

A Virtual Routing instance (VRF) provisioned at the edge of the fabric is mapped into the Virtual Service Network using the Service Identifier (I-SID).

IS-IS advertises all new services and communities of interest (I-SID information) to the network, as well as the VRF IP routes, which are only accepted and installed on other nodes in the same I-SID.

[Diagram labels: IS-IS between fabric nodes; Unified Management; Assign VRF-2 → IPVPN I-SID 200; VRF2 at each edge; Virtual Service Network I-SID 200; Vlan / IP net1; Vlan / IP net2; Vlan / IP net3; Vlan / IP net4]

(15)

Traditional Protocol Stack

SPB’s simplicity

[Diagram labels, traditional stack (top-down vertical dependency): Physical Infrastructure; Ethernet; 802.1D/Q (STP/VLAN), e.g. 802.1q/D protocol infrastructure; UC IGP (IS-IS or OSPF), e.g. RIP/OSPF protocol infrastructure; Layer 3 Unicast Service; Layer 3 Multicast Service, e.g. PIM protocol infrastructure; MPLS layers; Layer 3 Virtualized Unicast Service, e.g. RFC4364 protocol infrastructure; Layer 3 Virtualized Multicast Service, e.g. Draft Rosen protocol infrastructure; Layer 2 Virtualized Service, e.g. VPLS protocol infrastructure; TRILL / FabricPath; Layer 2 Virtualized Unicast Service; OTV]

[Diagram labels, SPB stack (horizontally independent): Ethernet Physical Infrastructure; IP/SPB, SPBm/SPBm Protocol Infrastructure; Layer 2 Virtualized Service; Layer 3 Unicast Service; Layer 3 Multicast Service; Layer 3 Virtualized Unicast Service; Layer 3 Virtualized Multicast Service; Connectivity Services Independent from Infrastructure]

(16)

[Diagram: Virtualized Services Infrastructure test topology with two Tester nodes and switches 8600C, 8600G and 8600D. Labels, in the order they appear: GRT IP Shortcuts, vlan 13 10.0.13.0/24, vlan 14 10.0.14.0/24; I-SID 20010, vlan 10, vlan 10, L2VSN; I-SID 20009, vlan 9, vlan 19, L2VSN; I-SID 20012, vlan 12, vlan 11, I-SID 20011, vlan 11 10.100.11.0/24, vlan 12 10.100.12.0/24, Inter-VSN; I-SID 30001, vlan 101 10.1.101.0/24, vlan 102 10.1.102.0/24, L3VSN; I-SID 30002, vlan 201 10.2.201.0/24, vlan 202 10.2.202.0/24, L3VSN; BGP IPVPN-Lite, vlan 401 10.4.41.0/24, vlan 402 10.4.42.0/24, IPVPN-Lite over SPB; I-SID 30005, vlan 51, I-SID 20015, vlan 51 10.5.51.0/24, vlan 52 10.5.52.0/24, L2VSN + L3VSN]

(17)

High Availability & High Performance Storage

• Detects failures and automatically relocates virtual machines

• Active / Active redundant storage with hitless switchover

• Advanced SSD caching delivers high performance at reasonable cost

• Fully redundant network and power infrastructure

• Failover to Second DR site

Redundant 10G / 40G Network

Active / Active HA Storage Real-Time Replication

(18)

Level 1 Level 2 Level 3

• Backup & DR Service Portal

• End user control over backup & DR test processes

• Enables a new class of self provisioned DR services

• Traditional File level Backup of machines replicated to a recovery facility.

(19)

[Diagram labels: PROTECTED SITE; REPLICATION SITE; WAN; vCenter Server; Virtual Manager; ESX/ESXi hosts with VMs; Virtual Replication Appliance; VDisk; VM / VDisk; Journal]

(20)

[Diagram labels: PROTECTED SITE; REPLICATION SITE; WAN; vCenter Server; Virtual Manager; ESX/ESXi hosts with VMs; Virtual Replication Appliance; VDisk; VM / VDisk; Journal]

• Replicate from anything to anything: save cost and reuse HW
• Highly Scalable: software only, hypervisor based, scale-out architecture
• RPO = Seconds, No App Performance Impact: near-sync, continuous replication
• Bandwidth Optimization, WAN resiliency: built-in WAN compression & throttling
• Point-in-Time Recovery - Recover from Logical Failures: journal based any point in time recovery - no snapshots

(21)

Application Protection: Virtual Protection VPG

Complete application protection and recovery

• VM & VMDK level consistency groups
• Protect across server and storage locations
• Fully support VMotion, Storage VMotion, HA, vApp
• Journal-based point-in-time protection
• Group policy and configuration
• VSS Support

[Diagram labels: PROTECTED SITE; REPLICATION SITE; vCenter Server; Virtual Manager; ESX/ESXi hosts with VMs (App, Web, DB, LDAP) and VMDKs; VRA; Application: SharePoint, CRM, ERP, Exchange etc.; Virtual Protection]

(22)

How Does BC/DR Work?

[Diagram labels: PROTECTED SITE; REPLICATION SITE; WAN; vCenter Server; Virtual Manager; ESX/ESXi hosts with VMs; VRA; VDisk; VM / VDisk; Journal]

• 100% Virtual Aware Protection: virtual machines, virtual disks, virtual networks
• RTO = Minutes! Fully automated failover and failback of multiple VMs, including boot order, IP reconfiguration, test networks and more
• Click-to-Test, Anytime: immediate, automated failover testing while protecting production, also to previous point in time
• Offsite Cloning: clone entire app offsite for test & dev or backup
