What is Next-Gen Workload Mobility for the Private Cloud?
Enterprises across the globe have been asking for simpler ways to provide multi-site Business Continuity and Workload Mobility for applications hosted in their Private Cloud. The Cloud promises a more agile operational environment and that promise has been fulfilled to a large extent within their data centers. But many Enterprises are challenged to unlock this same agility across multi-site Cloud topologies. For example, Enterprise CTOs and CIOs have asked us directly to provide simplified Workload Mobility of critical apps between sites to give their operations teams more flexibility.
Many competitive solutions offer basic VM mobility between sites and storage replication, but do not address the rest of the application environment including: security, stateful services, network containers, tenancy, and most importantly both physical and virtual resources.
What good does it do to move a VM to a new site if the rest of the application environment is left behind causing a potential security hole?
How to move a LIVE 3-tier app like Microsoft SharePoint to a new site (without impacting users)
As we all know, business critical applications require a robust service environment to operate securely across the cloud. In our example below, the application environment provides firewall and load balancing services for each tier of the SharePoint application; web, app, and database tiers. These services are stitched together using a secure Network Container that carve out a slice of resources across the data center for SharePoint. Most Enterprises and SPs use a mix of physical and virtual resources including firewalls, load balancers, VPN termination, IDS, and network switching. Many of these services create stateful connections to users, so….
If you perform a live migration of SharePoint to a new site, stateful connections to firewalls and load balancers need to be preserved to maintain security and TCP connections to active users.
Broken user connections = Service disruption (that’s not good)
You must also provide identical security and services for new SharePoint users even though the application has moved to a new site.
Broken Network Services = Potential Security hole (that’s even worse)
How does Next-Gen Workload Mobility actually work?
Let’s share some test results from our new Business Continuity and Workload Mobility Solutionto illustrate how we performed live SharePoint migrations to a new site (75 km away) while maintaining security, stateful services, and user connections. Oh yes, automatically without manual intervention.
Baseline topology for Microsoft SharePoint deployed in our Private Cloud
We first deployed the SharePoint Web, App, and Database tiers in a secure network container in Data Center 1 using service orchestration, simple and easy. Refer to the figure below for a topology picture.
SharePoint Web Tier is in a Public Zone, and uses a virtual firewall (VSG) and Citrix load balancer
SharePoint App Tier and Database Tier (SQL) are in a Protected Zone and use an ASA Firewall and Citrix load balancer
Our validated design provides LAN extensions, extended clusters, secure network containers, virtual switching, and storage replication between Metro sites
SharePoint is up and running in Data Center 1, supporting hundreds of users with secure connections. Now let’s move SharePoint to a new site without the users knowing it.
Step 1: Perform Live SharePoint Migration to Data Center 2….while maintaining secure user connections!
We performed a Live vMotion of SharePoint (Web, App, Database) to new hosts in Data Center 2, described in the figure below. Data Center 2 is 75 km away. Our SharePoint migration had minimal disruption (2 seconds or less) and maintained security, stateful services, and all user connections across our multi-site Cloud. Pretty sweet! A few highlights from our validated design are provided below.
Our virtual switch (Nexus 1000v), virtual firewall (VSG), and UCS automatically updated Port and Security Profiles at the new site, so our virtual switching and application firewalls were preserved without lifting a finger.
Layer 2 Extensions permit tromboning back to Data Center 1 to maintain connections to physical appliances (stateful firewalls and load balancers), also without manual intervention.
Our Network Container was automatically extended between Metro sites, maintaining security, tenancy, QoS, IP addressing, and user connections. SharePoint was discovered on the new host in Data Center 2 within seconds, using this extended Network Container.
Now let’s move the rest of the network container to Data Center 2 in less than one second!
Step 2: Redirect users to a new Network Container in Data Center 2….in less than 1 second!
With the aid of service orchestration, we simply created a new network container in Data Center 2. This new container included the same configuration, connections, and services (firewalls, load balancers) as the original container in Data Center 1. Once created, we simply redirected external users to the SharePoint application running in Data Center 2, as described below. The redirection of users happened in less than one second, pretty amazing. A simple routing update delivered through service orchestration performed the redirection. In this step, user connections were broken and new connections were re-established to the already running SharePoint application in less than one second! A few highlights from our validated design are provided below.
Layer 2 Extensions allowed the preservation of IP Addressing for Apps and Services during migration. There is no need to “re-IP” your applications just because they’ve moved to a different city.
The complete Network Container including physical and virtual resources was moved with minimal disruption (sub-second) to users
Our Multi-site Cloud solution supports a typical application environment, including both physical and virtual resources, with scaling for large and small private clouds
We also support Cold workload moves of less critical workloads that don’t require these stringent stateful requirements.
For More Info:
We encourage you to follow my blog series and check out our new business continuity and workload mobility solution (VMDC DCI), which describes key business drivers, Cisco DCI innovations, and validated designs that our customers are deploying in their private clouds.
Deploy with confidence! (and sleep better knowing your Cloud is more reliable and secure)
CVD Design Guide -- Cisco Business Continuity and Workload Mobility solution (VMDC DCI )
Solution Overview -- Cisco Business Continuity and Workload Mobility solution (VMDC DCI)
BrightTalk Session -- VMDC DCI for Business Continuity and Workload Mobility in the Private Cloud (webcast)
In today’s business landscape, cloud adoption and deployment is more than just a technical discussion. It’s really a choice about how to operate your business, regardless of what industry or vertical your organization is affiliated with.
However, as a former CIO, I understand that many CIOs are more concerned with the challenges they face when moving to the cloud than the benefits they can achieve.
For example, in the past, all of your company information and applications were locked-up behind a firewall. As such, none of your customers or remote employees could gain access to your network. Now, through clouds, you can put your business out in the world – where your customers, employees, partners and more can gain access. It’s truly making business more accessible, in an incredibly flexible way – but it can be a daunting process.
Recently, I had the chance to participate in a new Cloud Insights Video Podcast and share how all verticals face similar challenges when it comes to cloud. It probably comes as no surprise that the key areas of concern are security and privacy.
Security and privacy are very real challenges, and it’s the CIOs job to address them, but he/she doesn’t have to go at it alone. Businesses should look for a cloud service provider to become a trusted business partner. When a business is looking for a cloud service provider to host its application or data, the main questions that arise are:
How are we going to ensure security?
How will I maintain control over the data and applications that I put in the cloud?
How do I maintain visibility?
When these questions about control and visibility are answered, it inevitably leads to trust. And when a CIO feels there is a level of trust for information and application security within the cloud, it ripples down through the organization, ultimately empowering customer relationships.
It’s transformational when a CEO can say to customers, “We do have that level of control and visibility and you can look to us to take care of your information.”
As organizations in various verticals look to move past security concerns, CIOs need to find a partner they trust and start a conversation, they may be surprised at how quickly some of their concerns can be mitigated.
Visit Cloud Executive Perspectivesto get additional cloud insights for IT leaders and subscribe to the Cisco Cloud Insights video podcast channel on iTunes or via RSS. Additional Cisco Cloud Insights videos can also be found here.
Cisco Solutions for Open and Secure Intercloud Workload Migration. Join our webcast to learn how the Cisco InterCloud solution helps ensure the same network security, quality of service (QoS), and access control policies previously enforced in the data center are implemented in the public cloud. The webcast is available on demand.
How can leaders manage the transition to a cloud services broker? Check out the new Gartner newsletter to learn more.
Is your IT department currently acting as a Cloud services broker?And what exactly is a Cloud services broker?
As our world of many clouds continues to evolve, increased opportunities exist for IT departments to move from the traditional “siloed” working environments to play a more critical role in corporate planning strategies.
Aligning IT and business objectives are duties handled by an IT services broker, who is usually the company CIO.
The time is now for corporations to begin viewing their IT departments as more than the group that resets passwords and helps new-hires with their computer set-ups.
In order to manage the cloud transition and embrace the role of cloud services brokers, CIOs and IT leaders should consider these five steps:
1) Develop your future thinking and let go of the idea of how your IT department has done things in the past and think about what processes can be reengineered or what new capabilities need to be developed. Your IT group is best able to identify technology gaps in an organization’s processes as CIOs contend with hybrid cloud environments.
2) Create your Infrastructure-as-a-Service (IaaS) Building Block and ensure it’s agile, so your IT department can manage infrastructure services in a highly automated fashion and deliver to users in just minutes. By enabling a hybrid cloud environment in the IaaS layer, IT can more easily play the role of cloud services broker.
3) Add the Platform-as-a-Service (PaaS), which uses the agility in the IaaS foundation. Ultimately, this delivers greater efficiencies and flexibility in the deployment and deployment of cloud workloads. Without PaaS, development and testing of initiatives would require dedicated capacity to be allocated by IT.
4) Ensure required security standards. The SaaS and Infrastructure Security building block is where IT’s ability to serve as a cloud service broker plays a critical role and for an organization’s integrity, cloud-based services are best managed by them as a one cohesive infrastructure.
5) Make your vision a reality and implement transformational change! Now that you’ve assembled all the necessary building blocks, find a trusted partner to help you define and implement your vision. Tools like Cisco Domain Ten can help your IT department create evaluation criteria that helps them play their role as cloud services broker.
If you want to learn more about how to prepare for growing cloud workloads, how to evolve your IT department to harness the true potential of the cloud, and how to develop a more strategic approach to IT operations and service management, be sure to :
The Internet of Everything (IoE) is changing the business and IT landscape, fueling unprecedented growth and disruption. As such, just thinking about cloud deployment is not enough. Organizational leaders need a cloud strategy to help future-proof their business and better meet objectives.
In fact, according to Gartner, organizations that continually monitor cloud computing trends and subsequently update the enterprise’s cloud strategy, will likely avoid costly mistakes and garner the most value from market opportunities over the next few years.
As CXOs adopt cloud strategies, what key trends should they keep in mind?
Here’s a short list for consideration:
Trend #1: Prepare for Growing Cloud Workloads
Today’s world isn’t just a world of many clouds, but also a world of growing cloud workloads.
You’ll want to learn how Cisco’s John Manville leveraged an internal, private, infrastructure-as-a-service cloud to drive business value.
View John Manville’s Cloud Insights Video Podcast
John Manville is responsible for Cisco’s Global IT infrastructure - which includes the data centers, networks, platforms and more. Overall, John’s role is to implement Fast IT, which is really about being adaptable and responsive to business needs.
What technology helps drive this responsiveness and adaptability? “There are many solutions that can help, but if I had to sum it up in one word, that word is cloud” replied John .
Cisco uses internal cloud technology for several important business imperatives. Through the cloud, we are balancing internal IT workloads and providing our engineering team the tools needed for OS development. We are also using the internal cloud for external capabilities. For example, Cisco Smart Services uses our internal cloud to offer services to external customers.
Recently, John had the chance to participate in a new Cloud Insights Video Podcast to discuss the challenges his team faced prior to cloud implementation. Like most IT teams, they were challenged by speed of delivery of business capabilities, driving Total Cost of Ownership (TCO) down and completing maintenance on the underlying infrastructure with minimal impact on the business users or applications they need on a daily basis.
To offset these challenges, his team developed and deployed CITEIS (Cisco IT Elastic Infrastructure Services), an internal, private, infrastructure-as-a-service cloud. CITEIS started off as a way to provision virtual machines, but the team quickly realized that it wasn’t enough so they added on more middleware and database capabilities . Now, it’s a rich service that John’s team offers to their clients.