What is Next-Gen Workload Mobility for the Private Cloud?
Enterprises across the globe have been asking for simpler ways to provide multi-site Business Continuity and Workload Mobility for applications hosted in their Private Cloud. The Cloud promises a more agile operational environment and that promise has been fulfilled to a large extent within their data centers. But many Enterprises are challenged to unlock this same agility across multi-site Cloud topologies. For example, Enterprise CTOs and CIOs have asked us directly to provide simplified Workload Mobility of critical apps between sites to give their operations teams more flexibility.
Many competitive solutions offer basic VM mobility between sites and storage replication, but do not address the rest of the application environment including: security, stateful services, network containers, tenancy, and most importantly both physical and virtual resources.
What good does it do to move a VM to a new site if the rest of the application environment is left behind causing a potential security hole?
How to move a LIVE 3-tier app like Microsoft SharePoint to a new site (without impacting users)
As we all know, business critical applications require a robust service environment to operate securely across the cloud. In our example below, the application environment provides firewall and load balancing services for each tier of the SharePoint application: the web, app, and database tiers. These services are stitched together using a secure Network Container that carves out a slice of resources across the data center for SharePoint. Most Enterprises and SPs use a mix of physical and virtual resources including firewalls, load balancers, VPN termination, IDS, and network switching. Many of these services create stateful connections to users, so….
If you perform a live migration of SharePoint to a new site, stateful connections to firewalls and load balancers need to be preserved to maintain security and TCP connections to active users.
Broken user connections = Service disruption (that’s not good)
You must also provide identical security and services for new SharePoint users even though the application has moved to a new site.
Broken Network Services = Potential Security hole (that’s even worse)
How does Next-Gen Workload Mobility actually work?
Let’s share some test results from our new Business Continuity and Workload Mobility Solution to illustrate how we performed live SharePoint migrations to a new site (75 km away) while maintaining security, stateful services, and user connections. Oh yes, automatically, without manual intervention.
Baseline topology for Microsoft SharePoint deployed in our Private Cloud
We first deployed the SharePoint Web, App, and Database tiers in a secure network container in Data Center 1 using service orchestration, simple and easy. Refer to the figure below for a topology picture.
SharePoint Web Tier is in a Public Zone, and uses a virtual firewall (VSG) and Citrix load balancer
SharePoint App Tier and Database Tier (SQL) are in a Protected Zone and use an ASA Firewall and Citrix load balancer
Our validated design provides LAN extensions, extended clusters, secure network containers, virtual switching, and storage replication between Metro sites
SharePoint is up and running in Data Center 1, supporting hundreds of users with secure connections. Now let’s move SharePoint to a new site without the users knowing it.
Step 1: Perform Live SharePoint Migration to Data Center 2….while maintaining secure user connections!
We performed a Live vMotion of SharePoint (Web, App, Database) to new hosts in Data Center 2, described in the figure below. Data Center 2 is 75 km away. Our SharePoint migration had minimal disruption (2 seconds or less) and maintained security, stateful services, and all user connections across our multi-site Cloud. Pretty sweet! A few highlights from our validated design are provided below.
Our virtual switch (Nexus 1000v), virtual firewall (VSG), and UCS automatically updated Port and Security Profiles at the new site, so our virtual switching and application firewalls were preserved without lifting a finger.
Layer 2 Extensions permit tromboning back to Data Center 1 to maintain connections to physical appliances (stateful firewalls and load balancers), also without manual intervention.
Our Network Container was automatically extended between Metro sites, maintaining security, tenancy, QoS, IP addressing, and user connections. SharePoint was discovered on the new host in Data Center 2 within seconds, using this extended Network Container.
Now let’s move the rest of the network container to Data Center 2 in less than one second!
Step 2: Redirect users to a new Network Container in Data Center 2….in less than 1 second!
With the aid of service orchestration, we simply created a new network container in Data Center 2. This new container included the same configuration, connections, and services (firewalls, load balancers) as the original container in Data Center 1. Once created, we simply redirected external users to the SharePoint application running in Data Center 2, as described below. The redirection of users happened in less than one second, pretty amazing. A simple routing update delivered through service orchestration performed the redirection. In this step, user connections were broken and new connections were re-established to the already running SharePoint application in less than one second! A few highlights from our validated design are provided below.
Layer 2 Extensions allowed the preservation of IP Addressing for Apps and Services during migration. There is no need to “re-IP” your applications just because they’ve moved to a different city.
The complete Network Container including physical and virtual resources was moved with minimal disruption (sub-second) to users
Our Multi-site Cloud solution supports a typical application environment, including both physical and virtual resources, with scaling for large and small private clouds
We also support Cold workload moves of less critical workloads that don’t require these stringent stateful requirements.
For More Info:
We encourage you to follow my blog series and check out our new business continuity and workload mobility solution (VMDC DCI), which describes key business drivers, Cisco DCI innovations, and validated designs that our customers are deploying in their private clouds.
Deploy with confidence! (and sleep better knowing your Cloud is more reliable and secure)
CVD Design Guide -- Cisco Business Continuity and Workload Mobility solution (VMDC DCI)
Solution Overview -- Cisco Business Continuity and Workload Mobility solution (VMDC DCI)
BrightTalk Session -- VMDC DCI for Business Continuity and Workload Mobility in the Private Cloud (webcast)
As we start off this New Year, how about including a resolution to improve application delivery? In Best Practices for Application Delivery in Virtualized Networks – Part I, we covered key application delivery challenges that have come up due to the complexities of managing the many types of applications that enterprises use today, further complicated by data center consolidation and virtualization. We then covered some best practices, courtesy of Dr. Jim Metzler’s 2011 Application Service Delivery Handbook, which recommended taking a lifecycle approach to planning and managing application performance.
A key step to the lifecycle approach is to implement network and application optimization tools, such as WAN Optimization solutions and Application Delivery Controllers, including server load balancers. Of course, these solutions are not new to the market and already address many of the needs that exist with delivering enterprise applications in virtualized data centers -- namely, the need to ensure network reliability, availability and security for users accessing these applications. In this post, we will discuss a recent study by IDC, where IT decision makers across Europe and the US spoke out about their strategies for using server load balancers to deal with emerging challenges.
What important attributes do you look for in your server load balancers?
Earlier this year the Webtorials Analyst Division, co-founded by Dr. Jim Metzler, surveyed their subscriber base of IT professionals. Not surprisingly, 75% admitted that when a core business application degrades in performance, the end user notices before IT does. Therefore, 85% also believe that it is important, very important and even critical to senior managers that they take a more proactive approach to managing acceptable application delivery (See Figure 1).
Source: Metzler, Jim, “2011 Application & Service Delivery Handbook”, p. 14
Contributing to the challenges of ensuring good application performance are the very innovations that are meant to simplify business and IT operations. These include data center consolidation, virtualization and the wide variety of applications that IT must support, all of which create operational issues for IT. Not to worry – there are best practices that IT organizations can implement as application delivery challenges continue to evolve. In Part I of this blog post on application and services delivery, I’ll share what I consider to be key learnings from Dr. Metzler’s comprehensive 129-page guide. We’ll start with some core challenges:
Key Application Delivery Challenges
Proliferation of different types of applications: Today, companies utilize a wider variety of applications than ever. Some applications are business-critical. Others enable other business functions. And still more applications support communication and collaboration. Not only do they vary in criticality, but they also vary in their demands on the network. For instance, video streaming, which causes a lot of strain on the network, may be key on some occasions (think company-wide all hands meetings a la Apple’s tribute to Steve Jobs), but recreational during other times. IT managers must audit company-wide application use, pinpoint a select group of business critical applications and formulate and execute a plan for optimization.
Innovative managed ISR G2 marketing with crowdsourcing platform jovoto
The ISR G2 is one of Cisco’s most versatile products -- it delivers next generation WAN and network services, enables the cost-effective delivery of high-definition video and collaboration, and provides the secure transition to the next generation of cloud and virtualized network services.
Cisco has teamed with jovoto on an innovative marketing initiative to develop creative yet focused campaign concepts for managed ISR G2. jovoto is an online collaboration platform that delivers creative collective intelligence and builds on the concept of co-collaboration with its global community. It establishes a sustainable partnership between brands that seek ideas and creative idea-driven individuals and communities.
Launching on August 23, Cisco and jovoto will run a six week contest to challenge the jovoto community to create concepts that communicate a compelling value proposition for the ISR G2. Anyone can submit new ideas, review the submissions, and provide feedback and comments to make them even better. There are prizes for the top ideas and for the highest ‘karma’ points -- the most active participants who comment and help shape these ideas.
We want YOU! Are you a designer with amazing ideas for how to turn the ISR G2 value proposition into a great marketing campaign? Submit an idea (or five)! Are you an IT professional who we’d want to hook? Give your candid feedback and tell us if these ideas would get you to think about ISR G2.
The Need for Virtualization
In their quest to reduce administrative and hardware costs and to increase the availability of server resources, IT administrators are embracing server virtualization to the point that it has become a fundamental data center technology. Server virtualization makes it possible for IT administrators to move virtual server instances, and the applications that run on them, from one physical machine to another as needed, and to have them running at the new location within moments. This mobility allows IT administrators to optimize server utilization or to take advantage of idle compute resources as well as to recover from server failures almost instantly.
The mobility of virtual servers is what makes server virtualization so appealing. This mobility not only enables movement of virtual machines from one server to another within the same data center, it also enables movement of virtual machines from one data center to another. Mobility of virtual machines between data centers is critical as it enables IT administrators to make use of available resources in another data center and to recover from data center outages, maintaining availability to applications and business services seamlessly.
The Network Can Help
In the data center, application performance, availability and security are enhanced by a number of network services such as server load balancing, WAN Optimization and firewalls, which have been delivered by physical appliances. As IT administrators take advantage of the benefits of server mobility that is enabled by server virtualization, they seek to have the same mobility available in the network services that benefit those virtual servers and their applications. While it’s possible to have the same network services appliances running in all data centers, the challenge is with configuring them to recognize the specific virtual server instances that have been moved between data centers.