The news of high-profile targeted data center attacks has dominated security news recently. But data center attacks are even more prevalent than those headlines suggest. In fact, a survey conducted last summer by Network World suggests that 67 percent of data center administrators experienced downtime due to malware and related attacks in the previous 12 months.
A key challenge is that many of today’s security solutions are simply not designed for the data center, with limitations in both provisioning and performance. The situation will likely get worse before it gets better as data center traffic grows exponentially and data centers migrate from physical to virtual to next-generation environments like Software-Defined Networking (SDN) and Application Centric Infrastructure (ACI).
Tags: #CLUS14, ACI, Adaptive Virtual Security Appliance, application centric infrastructure, ASAv, Cisco Validated Design, CVD, cybersecurity, malware, SDN, security, software defined networks
What is Next-Gen Workload Mobility for the Private Cloud?
Enterprises across the globe have been asking for simpler ways to provide multi-site Business Continuity and Workload Mobility for applications hosted in their Private Cloud. The Cloud promises a more agile operational environment and that promise has been fulfilled to a large extent within their data centers. But many Enterprises are challenged to unlock this same agility across multi-site Cloud topologies. For example, Enterprise CTOs and CIOs have asked us directly to provide simplified Workload Mobility of critical apps between sites to give their operations teams more flexibility.
Many competitive solutions offer basic VM mobility between sites and storage replication, but do not address the rest of the application environment including: security, stateful services, network containers, tenancy, and most importantly both physical and virtual resources.
What good does it do to move a VM to a new site if the rest of the application environment is left behind causing a potential security hole?
This blog directly addresses multi-site Workload Mobility and provides some compelling test results from our new Business Continuity and Workload Mobility Solution for Private Cloud.
How to move a LIVE 3-tier app like Microsoft SharePoint to a new site (without impacting users)
As we all know, business-critical applications require a robust service environment to operate securely across the cloud. In our example below, the application environment provides firewall and load-balancing services for each tier of the SharePoint application: web, app, and database. These services are stitched together using a secure Network Container that carves out a slice of resources across the data center for SharePoint. Most Enterprises and SPs use a mix of physical and virtual resources, including firewalls, load balancers, VPN termination, IDS, and network switching. Many of these services hold stateful connections to users, so:
- If you perform a live migration of SharePoint to a new site, stateful connections to firewalls and load balancers need to be preserved to maintain security and TCP connections to active users.
Broken user connections = Service disruption (that’s not good)
- You must also provide identical security and services for new SharePoint users even though the application has moved to a new site.
Broken Network Services = Potential Security hole (that’s even worse)
How does Next-Gen Workload Mobility actually work?
Let’s share some test results from our new Business Continuity and Workload Mobility Solution to illustrate how we performed live SharePoint migrations to a new site (75 km away) while maintaining security, stateful services, and user connections. Oh yes, automatically without manual intervention.
Baseline topology for Microsoft SharePoint deployed in our Private Cloud
We first deployed the SharePoint Web, App, and Database tiers in a secure network container in Data Center 1 using service orchestration, simple and easy. Refer to the figure below for a topology picture.
- SharePoint Web Tier is in a Public Zone, and uses a virtual firewall (VSG) and Citrix load balancer
- SharePoint App Tier and Database Tier (SQL) are in a Protected Zone and use an ASA Firewall and Citrix load balancer
- Our validated design provides LAN extensions, extended clusters, secure network containers, virtual switching, and storage replication between Metro sites
SharePoint is up and running in Data Center 1, supporting hundreds of users with secure connections. Now let’s move SharePoint to a new site without the users knowing it.
Step 1: Perform Live SharePoint Migration to Data Center 2….while maintaining secure user connections!
We performed a Live vMotion of SharePoint (Web, App, Database) to new hosts in Data Center 2, described in the figure below. Data Center 2 is 75 km away. Our SharePoint migration had minimal disruption (2 seconds or less) and maintained security, stateful services, and all user connections across our multi-site Cloud. Pretty sweet! A few highlights from our validated design are provided below.
- Our virtual switch (Nexus 1000v), virtual firewall (VSG), and UCS automatically updated Port and Security Profiles at the new site, so our virtual switching and application firewalls were preserved without lifting a finger.
- Layer 2 Extensions permit tromboning back to Data Center 1 to maintain connections to physical appliances (stateful firewalls and load balancers), also without manual intervention.
- Our Network Container was automatically extended between Metro sites, maintaining security, tenancy, QoS, IP addressing, and user connections. SharePoint was discovered on the new host in Data Center 2 within seconds, using this extended Network Container.
Now let’s move the rest of the network container to Data Center 2 in less than one second!
Step 2: Redirect users to a new Network Container in Data Center 2….in less than 1 second!
With the aid of service orchestration, we simply created a new network container in Data Center 2. This new container included the same configuration, connections, and services (firewalls, load balancers) as the original container in Data Center 1. Once created, we simply redirected external users to the SharePoint application running in Data Center 2, as described below. The redirection of users happened in less than one second, pretty amazing. A simple routing update delivered through service orchestration performed the redirection. In this step, user connections were broken and new connections were re-established to the already running SharePoint application in less than one second! A few highlights from our validated design are provided below.
- Layer 2 Extensions allowed the preservation of IP Addressing for Apps and Services during migration. There is no need to “re-IP” your applications just because they’ve moved to a different city.
- The complete Network Container including physical and virtual resources was moved with minimal disruption (sub-second) to users
- Our Multi-site Cloud solution supports a typical application environment, including both physical and virtual resources, with scaling for large and small private clouds
- We also support Cold workload moves of less critical workloads that don’t require these stringent stateful requirements.
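As an added example (not code from the VMDC DCI solution or from Cisco), here is the kind of parity check a practitioner would want to run before the routing update in Step 2 redirects users: it compares the security-relevant parts of the orchestrated Data Center 2 container against the Data Center 1 original and blocks cutover if a firewall rule went missing, an extra permit appeared, or a load-balancer VIP changed. The container schema, rule fields, severity labels and sample SharePoint policy are all constructed assumptions for illustration, not a Cisco data model.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    """One firewall rule in a network container (hypothetical schema, not Cisco's)."""
    zone: str      # zone the rule is enforced in: "public" or "protected"
    src: str       # source: a tier name or "any"
    dst: str       # destination tier name
    port: int      # TCP port, 0 means any port
    action: str    # "permit" or "deny"


@dataclass
class Container:
    """Security-relevant slice of a network container: tenant, ordered policy, LB VIPs."""
    tenant: str
    rules: List[Rule]
    vips: Dict[str, Tuple[str, int]]   # VIP name -> (address, port)


def check_parity(src: Container, dst: Container) -> List[str]:
    """Compare the container built at the target site against the source.

    Returns findings prefixed with a severity; an empty list means the target
    container carries the same tenancy, firewall policy and services.
    """
    findings: List[str] = []
    if src.tenant != dst.tenant:
        findings.append(f"HIGH: tenant mismatch {src.tenant!r} vs {dst.tenant!r}")

    # A rule present at the source but absent at the target: a missing deny
    # opens a path that was closed before, a missing permit breaks the app.
    for r in src.rules:
        if r not in dst.rules:
            sev = "HIGH" if r.action == "deny" else "MEDIUM"
            findings.append(f"{sev}: rule missing at target: {r}")

    # A rule present only at the target: an extra permit widens exposure.
    for r in dst.rules:
        if r not in src.rules:
            sev = "HIGH" if r.action == "permit" else "LOW"
            findings.append(f"{sev}: unexpected rule at target: {r}")

    # Same rule set in a different order changes first-match firewall behaviour.
    if set(src.rules) == set(dst.rules) and src.rules != dst.rules:
        findings.append("MEDIUM: identical rules in a different order")

    # Load-balancer VIPs are what users get redirected to; with IP addressing
    # preserved across sites, address and port must not change.
    for name, endpoint in src.vips.items():
        if name not in dst.vips:
            findings.append(f"HIGH: VIP {name!r} missing at target")
        elif dst.vips[name] != endpoint:
            findings.append(f"MEDIUM: VIP {name!r} changed {endpoint} -> {dst.vips[name]}")
    return findings


def cutover_allowed(findings: List[str]) -> bool:
    """Gate the routing update: refuse cutover on any HIGH finding."""
    return not any(f.startswith("HIGH") for f in findings)


# Constructed sample containers (not real configuration data).
DC1 = Container(
    tenant="sharepoint-prod",
    rules=[
        Rule("public", "internet", "web-tier", 443, "permit"),
        Rule("protected", "web-tier", "app-tier", 8080, "permit"),
        Rule("protected", "app-tier", "db-tier", 1433, "permit"),
        Rule("protected", "any", "app-tier", 0, "deny"),
        Rule("protected", "any", "db-tier", 0, "deny"),
    ],
    vips={"sharepoint-web": ("10.10.1.10", 443)},
)

# Target container with the same policy: what orchestration is supposed to produce.
DC2_OK = Container(tenant=DC1.tenant, rules=list(DC1.rules), vips=dict(DC1.vips))

# Target container that drifted: the app-tier catch-all deny is gone and a
# permit from the internet to the app tier on 3389 appeared.
DC2_DRIFTED = Container(
    tenant="sharepoint-prod",
    rules=[
        Rule("public", "internet", "web-tier", 443, "permit"),
        Rule("public", "internet", "app-tier", 3389, "permit"),
        Rule("protected", "web-tier", "app-tier", 8080, "permit"),
        Rule("protected", "app-tier", "db-tier", 1433, "permit"),
        Rule("protected", "any", "db-tier", 0, "deny"),
    ],
    vips={"sharepoint-web": ("10.10.1.10", 443)},
)

if __name__ == "__main__":
    for label, target in (("DC2 ok", DC2_OK), ("DC2 drifted", DC2_DRIFTED)):
        result = check_parity(DC1, target)
        print(f"{label}: cutover {'allowed' if cutover_allowed(result) else 'BLOCKED'}")
        for finding in result:
            print("  ", finding)
```

Run it as a script to see the drifted container blocked with two HIGH findings and the matching one allowed. In practice the two containers would be exported from the orchestration system before and after the Step 2 build, and the gate placed in front of the routing change so that "identical security and services at the new site" is verified rather than assumed.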
For More Info:
We encourage you to follow my blog series and check out our new business continuity and workload mobility solution (VMDC DCI), which describes key business drivers, Cisco DCI innovations, and validated designs that our customers are deploying in their private clouds.
Deploy with confidence! (and sleep better knowing your Cloud is more reliable and secure)
- CVD Design Guide – Cisco Business Continuity and Workload Mobility solution (VMDC DCI )
- Solution Overview – Cisco Business Continuity and Workload Mobility solution (VMDC DCI)
- BrightTalk Session – VMDC DCI for Business Continuity and Workload Mobility in the Private Cloud (webcast)
Tags: application security, application virtualization, business continuity, Business Continuity and Availability, Cisco Validated Design, cloud, Cloud Computing, cloud data center, Data Center Interconnect, Network Services, Workload Mobility
The times keep changing: first there were devices, then there were apps, and today, if you don’t develop a strategy for enterprise mobility and get ahead of the trend, the mobile wave will leave you behind. A year ago, after talking with many of our customers, partners, and our own technical sales teams, we realized that IT organizations were facing enormous challenges when making the transition from simple BYOD to adopting an enterprise mobility strategy across the business. As is typical during such tremendous market transitions like mobility, IT organizations were spending a lot of time figuring out how to line up the pieces required to support a mobile workforce, sorting through and weighing the many technology and vendor choices.
Today in conjunction with our friends at Citrix, we are happy to highlight the Cisco Mobile Workspace Solution with Citrix, built on the Citrix Workspace Suite. We are very excited to deliver this first of its kind, comprehensive solution to our customers. Today I’d like to take a step back and set the stage for the Cisco Mobile Workspace Solution with Citrix by taking you through our thought process in creating the right enterprise mobility solution for our customers.
Tags: ACI, App, byod, Cisco Validated Design, citrix, Citrix Workspace Suite, Complexity, customer, device, Enterprise, experience, mobile, mobile workspace, mobility, sales, secure, security, technology, trend, wifi, wireless
In my previous blog, we provided an overview of the critical use cases and innovations we included in our new Business Continuity and Workload Mobility Solution for Private Cloud. This blog highlights the critical trends and challenges driving new multi-site Cloud designs.
Two important trends are driving CTOs and CIOs to deploy new multi-site Cloud solutions that provide better Business Continuity, Workload Mobility, and Disaster Recovery.
- More workloads are moving to the Private and Public Cloud versus the traditional data center
- Cloud Data Centers have a higher density of workloads per server than traditional data centers due to increased virtualization.
Cisco Global Cloud Index: Forecast and Methodology, 2012–2017
This ever-increasing volume of Cloud-hosted workloads is placing serious pressure on operations teams to manage larger-scale data centers and ensure that they keep these workloads up and running, avoiding costly downtime or a nightmare service outage. Many of the CTOs and CIOs we’ve worked with are re-assessing their multi-site strategy to ensure they can answer some tough questions:
- What are the common weak points of multi-site Cloud designs that could prevent us from achieving our Business Continuity goals for our critical apps? Can we avoid them?
- How can we provide Workload Mobility between sites to provide a more agile Cloud environment?
- In the event of site outage, can our Private Cloud reduce the time it takes to recover critical applications to a new site?
- How can our Private Cloud deliver these critical services (Business Continuity, Workload Mobility, and Disaster Recovery) with lower cost and complexity?
Tags: application virtualization, business continuity, Cisco CVD, Cisco Validated Design, cloud, Cloud Computing, data center, disaster recovery, private cloud, Workload Mobility
Built upon our vision of shared infrastructure and unified management, the Cisco UCS Common Platform Architecture (CPA) for Big Data has become a leading platform for Big Data deployments. Today we are announcing support for Cloudera Enterprise 5 – an industry leading data management platform that combines Apache Hadoop with a number of other open source projects all integrated in to a single enterprise ready platform. The joint solution is tested and certified by Cisco and Cloudera to accelerate enterprise Hadoop deployments while significantly reducing the risks, complexity, and total cost of ownership.
With Hadoop at its core, Cloudera Enterprise enables an enterprise data hub by making it economically viable and technically feasible for enterprises to keep all their data in a single, centralized platform, from which they can store, process and analyze data in full fidelity, for a variety of enterprise workloads. Cloudera Enterprise 5 delivers tight integration with existing enterprise data management systems including key attributes to deliver robust security, governance, and data protection and management that enterprises require.
The Cisco and Cloudera joint solution is available in two reference architectures, Performance-Capacity Balanced and Capacity Optimized, both supporting up to 10 racks at 16 servers each without additional switches. The Performance-Capacity Balanced configuration provides an excellent balance of computing power and storage capacity, supporting 32GBps of I/O bandwidth and 384TB of storage per rack. The Capacity Optimized configuration provides high storage density for storage-intensive deployments, supporting 16GBps of I/O bandwidth and 768TB of storage per rack, for a total of 7.68PB when scaled to a 10-rack configuration.
Scaling beyond 10 racks (160 servers) can be implemented by interconnecting multiple UCS domains using Nexus 7000/9000 Series switches, scalable to thousands of servers and hundreds of petabytes of storage, and managed from a single pane of glass using UCS Central, whether in one data center or distributed globally.
The base rack configuration is available through Cisco UCS Solution Accelerator Paks for Big Data program, designed for: ease of ordering, rapid deployments, tested and validated for performance, and optimized for cost of ownership. Performance and Capacity Balanced rack SKU: UCS-SL-CPA2-PC and Capacity Optimized rack SKU: UCS-SL-CPA2-C.
Big Data Design Zone
Cisco Validated Design: Cisco UCS CPA for Big Data with Cloudera
Tags: Big Data, Cisco UCS CPA, Cisco Validated Design, Cloudera, Cloudera Enterprise 5