SONA – The Evolution Path of the Data Center 林晓 adamlin@cisco.com
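Problems of the Traditional Data Center: Existing Infrastructure Lack of Flexibility Insufficient Resilience High Cost Enterprise Data Center Applications and Services Inconsistent Security Policies Inconsistent Business Continuity / Disaster Recovery Plans Under-Utilized Resources Complex, Inefficient Operations Isolated Application Environments Rigid, Siloed Infrastructure Enterprise Data Center Internet Data Center Public Web Site 100s of Servers with Integrated Storage E-Commerce Application 4-Tier Application App. Server Supply-Chain Management Traditional Voice PBX In-House Developed Apps 2-Tier CRM Application NCR DB Server Data Warehousing Finance, HR, Payroll and EDI Mainframe Systems Tape Backup Multiple 2-Tier ERP Instances Engineering Services NAS Filers E-Mail E-Mail Appliances IP Services DNS RADIUS LDAP JBOD Operations Center Applications and Services Communications Applications Compute Infrastructure Storage Infrastructure Network Infrastructure Facilities (Power, Cooling, Cabling, and Physical Security)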
The Evolution Path of Data Center Infrastructure: Three Phased Steps. Virtualization Storage Resources Network Resources Compute Resources Applications Management of Resources Independent of Underlying Physical Infrastructure to Increase Utilization, Efficiency and Flexibility Data Network Servers Interconnect Centralization and Standardization to Lower Costs, Improve Efficiency and Uptime Consolidation LAN WAN MAN Storage Intelligent Information Network (IIN) HPC Clusters Grids Automation Storage Resources Network Resources Compute Resources Dynamic Provisioning and Information Lifecycle Management (ILM) to Enable Business Agility Business Policies On-Demand Service Oriented
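The Cisco Data Center Network Architecture Framework: Infrastructure Enhancing Services Application Networking Services Collaboration Applications Business Applications Application Networking Services Infrastructure Enhancing Services Application Acceleration Services Instant Messaging Unified Meeting Place IPCC IP Phone Video Delivery PLM CRM ERP HCM Procurement SCM Collaboration Applications Traditional Architecture / Service-Oriented Architecture Business Applications Application Acceleration Services Security Services Application Networking Services Services Management Advanced Analytics and Decision Support Services Virtualization Application Networking Services WAAS, App Acceleration, Optimization, Security and Server Offload Compute Services Storage Switching Services Infrastructure Enhancing Services Interactive Services Layer Infrastructure Enhancing Services Firewalls, Intrusion Protection, Security Agents Adaptive Management Services Compute Network Storage Network RDMA, Low Latency Clustering Virtualization, Replication, Virtual Fabrics Network Infrastructure Virtualization Infrastructure Management Compute Resources Network Virtualization Services Storage Resources Peripheral Devices Data Center Branch Campus Teleworker WAN/MAN Enterprise Edge Network Platforms Server Arrays Server Switching Storage Switching Infrastructure Layer Data Center Interconnect SFS Family Catalyst Family Modular Rack Blade MDS Family Director Fabric ONS Family DWDM, SONET, SDH, FCIP Infiniband Switching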
Security Services in the Data Center: Branch Application-Layer Security Virtual Firewalls Provides Isolation and Controls Access Application Network Services Catalyst 6500 WAN, VPN, Internet WAAS AVS Branch DDOS Guard Protection Intrusion Protection Prevent Outbreak Propagation Host Protection – Cisco Security Manager VSANs for Storage Isolation MDS 9500 FC Security Protocol for Authenticating Access Storage & Tape Arrays
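Today: Deploying an Enterprise Service. The network administrator ensures that access routes point to the new server. Suppose we need to add a server to the web server farm… The challenge is one of ‘coordination delays’. This type of simple scale-out of an existing service often takes enterprises 90 days. New service turn-ups, after the application has been developed, often take 180+ days. VFrame is designed to eliminate these delays and automate the provisioning of services. The security administrator reviews the security policy and adds the permitted ports and addresses on the firewall. The load-balancing administrator adds the new server to the server farm. The network administrator connects Ethernet and configures the VLAN and port settings. The system administrator installs the new server; installs the O/S, patches and applications. The storage administrator configures the LUN and maps it to the server. The storage administrator plans the disk volumes and related resources.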
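VFrame Provides Provisioning for Enterprise Services. VFrame configures ports, VLANs, and switching policies. VFrame can control server boot and connect the server to the corresponding LUN/image. Third-party provisioning applications. VFrame obtains the corresponding LUN and WWN names. VFrame obtains the available storage volumes and boot image files.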
Server Provisioning in the Future: VFrame Provisioning 60+% server utilization ~30% reduction in server count
Branch-Office File Server Sprawl. Solution: Wide-Area Application Acceleration Services. WAN/VPN Network Branch Office File Storage in the Data Center Core File Engine Local File & Print Server Network Attached Storage Filers Files Administrator File Storage Distributed LAN Speeds for Remote Files Files Storage Arrays Files Lower Cost Consolidate files on scalable, centralized NAS Centralize file administration Tape Arrays Files Administrator Improved Resilience Consistent, compliant security and business continuance, back up best practices Improved Flexibility Dynamic provisioning of additional storage Universal authorized access to information
Guaranteeing Web Application Performance. Solution: Application Acceleration Services. AVS - 3100 WAN/VPN Network Remote Users Data Center Telecommuter 2x - 5x Faster Application Delivery! Remote Branch APPS ARE TOO SLOW! Improved Performance Dramatically reduces the amount of information sent to the client from the central site Dynamically Caches, Transforms Content, Compresses Content, and Secures the Web With Full-Proxy Functionality Reduces latency and improves responsiveness by handling all redirections
Business Continuity and Regulatory Requirements. Solution: Enhanced Business Continuity. Broad Application Support Asynch / Synch Replication, Backup, Point in Time Copy Multi-vendor Support: EMC, HP, HDS, IBM, Appliances 3rd Party Appliance Support: SANTap Network Assisted Serverless Backup Access Network Blade Servers UNIX/NT Servers Mainframes Blade Servers UNIX/NT Servers Mainframes Optimized SAN Extension Multi-protocol Transport: FCIP, DWDM, Sonet/SDH Distance / Application Optimization: Write and Tape Acceleration Security: FCIP Encryption and FC-SP Auth WAN Utilization: Compression and Large B2B Credits Availability: VSANs and Inter VSAN Routing Metro / Wide Data Center Interconnect Network DWDM Network ONS 155X0 154xx MDS 9500 MDS 9500 SONET/SDH Continuous Access Global Site Selector VPN – IPSec, SSL, MPLS Optimized Exit Routing 3 Storage & Tape Arrays ONS 15454 Storage & Tape Arrays IP WAN 1 7X00
Summary Layers Core Layer Aggregation Layer Access Layer Server Clusters HPC/Grid Edge Layer Core Layer A Storage/Tape Area V A B Server Virtualization V Remote DMA Services Virtual I/O Clustering Services Compute Fabric Services Fabric Gateway Services Firewall Services Intrusion Detection VPN Termination DOS Protection Anomaly Detection Core Layer Aggregation Layer Network Analysis Content Caching SSL Offloading Server Balancing File Caching AON Analysis App Acceleration Access Layer QoS IPMc IGPs STP MPLS VLANs DoS GRE VRF IPSec HSRP PVLANs VRRP GLBP Server Clusters HPC/Grid A B Edge Layer Scaling Ethernet Module Cisco Catalyst Layer 2 Switch 10 Gigabit Ethernet Gigabit Ethernet Cisco Catalyst 6500 Multilayer Switch Layer 3 Switch Infiniband Cisco 3000 Series Fabric Server Switch Cisco 7000 Series Virtual Server Link Virtual Servers Fibre Channel Cisco MDS 9500 Multilayer Director Fibre Channel Trunk A Redundant SAN Fabric Fabric Routing Services Data Replication Svcs Storage Virtualization Fabric Gateway Services Virtual Fabrics (VSANs) Core Layer Storage/Tape Area
Let me end by stressing that Cisco is committed to developing the technologies, solutions and partnerships that will help customers address the data center challenges of today and in the future. Although the Future Data Center vision is an industry vision – it is one that depends on an intelligent network platform. A platform that allows the secure and reliable sharing and virtualization of resources. One that enhances the replication of data and systems between data centers. A platform that optimizes the performance and delivery of applications. A platform that enables the technologies and innovations of 3rd party hardware and software vendors.