TWIPD – Cloud Computing
Part II : Virtualization Technology
Orson Yang (楊瑾瑜)
台灣思科網路學會議評會
March-22-2013
© 2013 Cisco and/or its affiliates. All rights reserved.
• Virtualization
• VMware vSphere
• Cisco Nexus 1000V
• Cisco CloudLab
• According to the definition of the U.S. National Institute of Standards and Technology (NIST), a cloud computing service should have the following characteristics:
  On-demand self-service.
  Broad network access: reachable anytime, anywhere, from any network device.
  Resource pooling: a shared pool of resources serving many users.
  Rapid elasticity: fast, flexible redeployment of resources.
  Measured service: the service can be monitored and metered.
  The following are also generally considered characteristics:
  Rapid provisioning of resources or services based on virtualization technology.
  Reduced processing burden on the user's endpoint device.
  Reduced dependence on the user's own IT expertise.
• How does a cloud computing service achieve these goals?
• Cisco's ten-domain framework (figure) for simplifying data center and cloud transformation
• Software-Defined Data Center (SDDC): all data center infrastructure can be virtualized and deployed automatically by software, delivering Data Center as a Service.
  Image source: Torsten Volk, EMA Blog
  http://blogs.enterprisemanagement.com/torstenvolk/2012/08/16/softwaredefined-datacenter-part-1-4-basics/
• To achieve automation, the SDDC must virtualize the three infrastructure pillars of the data center:
  Server virtualization
  Network virtualization
  Storage virtualization
  Image source: Torsten Volk, EMA Blog
  http://blogs.enterprisemanagement.com/torstenvolk/2012/08/22/softwaredefineddatacenter-part-2-core-components/
• A hypervisor, together with virtual machine management software (VMM, Virtual Machine Manager), creates virtual machines (VMs) on physical servers so that compute resources can be scheduled elastically.
• Virtualization categories
  Full virtualization: real hardware is emulated almost completely, so guest OSs run in the VM without modification.
  Examples: VMware vSphere (ESXi), Microsoft Hyper-V Server
  Partial virtualization: only part of the hardware environment is emulated, and software must be modified to run in the VM.
  Paravirtualization: instead of running on emulated hardware, the guest OS is modified to call the hypervisor directly (hypercalls) for privileged operations such as memory management and I/O.
  Examples: Citrix XenServer (classic Xen PV guests); KVM runs guests with hardware-assisted full virtualization and uses paravirtualized (virtio) drivers for I/O.
  Techniques that use dedicated CPU and chipset features (Intel VT-x, AMD-V) to improve the performance of hardware virtualization are called hardware-assisted virtualization.
• Internal network virtualization: runs inside the server, provided by the hypervisor
  Virtual NICs
  Virtual switches (Cisco Nexus 1000V)
  Virtual firewalls
  Virtual load balancers
  …
• External network virtualization: provided by the network devices
  Virtual LAN (VLAN), Private VLAN
  Virtual Port-Channel (vPC)
  First Hop Redundancy Protocols (FHRP, e.g. HSRP, VRRP …)
  Virtualized access switches
  …
• Storage systems may use virtualization concepts as a tool to enable better
functionality and more advanced features within and across storage systems.
• Primary types of virtualization
Block virtualization used in this context refers to the abstraction (separation)
of logical storage (partition) from physical storage so that it may be accessed
without regard to physical storage or heterogeneous structure. This separation
allows the administrators of the storage system greater flexibility in how they
manage storage for end users.
File virtualization addresses the NAS challenges by eliminating the
dependencies between the data accessed at the file level and the location where
the files are physically stored. This provides opportunities to optimize storage use
and server consolidation and to perform non-disruptive file migrations.
  Source: Wikipedia - http://en.wikipedia.org/wiki/Storage_virtualization
• The VMware vSphere platform consists of the VMware vSphere Hypervisor (ESXi) installed on each host, the VMware vCenter Server central management platform, and the VMware vSphere Client on the administrator's workstation.
• VMware vCenter Server provides centralized visibility, proactive management and scalability for the virtual infrastructure.
• The Cisco Nexus family (figure, arranged by performance and scalability): Cisco Nexus 7000 Series modular data center switches, Cisco Nexus 5000 Series, Cisco Nexus 4000 Series blade switches, Cisco Nexus 3000 Series, Cisco Nexus 2000 Series Fabric Extenders (FEX), Cisco Nexus 1000V Series, and the Cisco Nexus 1100 Virtual Services Appliance.
• Cisco Nexus 1000V virtual services architecture (figure): the Cisco Nexus 1100 Virtual Services Appliance hosts a primary and a secondary Virtual Supervisor Module (VSM), a Virtual Security Gateway (VSG) and a Network Analysis Module (NAM). The VSM controls the Virtual Ethernet Modules (VEM-1, VEM-2) running on ESX or Hyper-V 3.0 hosts over L3 connectivity; vPath steers traffic from the VEMs to virtual services, and VXLAN provides scalable segmentation. Virtual appliances shown: Virtual ASA (tenant-edge security), vWAAS, Imperva SecureSphere Web Application Firewall (WAF), Data Center Network Manager (DCNM).
  VSM: Virtual Supervisor Module
  VEM: Virtual Ethernet Module
  vPath: Virtual Service Data-path
  VXLAN: Scalable Segmentation
  VSG: Virtual Security Gateway
  NAM: Network Analysis Module
  DCNM: Data Center Network Manager
  vWAAS: Virtual WAAS
  Virtual ASA: Tenant-edge security
• Cisco Nexus 1000V feature comparison: Essential (free) vs Advanced edition

  Features                                                                   | Essential (Free)     | Advanced
  Layer 2 switching: VLANs, private VLANs, VXLAN, loop prevention,           | Yes                  | Yes
  multicast, virtual PortChannels, LACP, ACLs                                |                      |
  Network management: SPAN, ERSPAN, NetFlow 9, vTracker,                     | Yes                  | Yes
  vCenter Server plug-in                                                     |                      |
  Enhanced QoS features                                                      | Yes                  | Yes
  Cisco vPath                                                                | Yes                  | Yes
  Security: DHCP Snooping, IP Source Guard, Dynamic ARP Inspection,          | No                   | Yes
  Cisco TrustSec SGA support                                                 |                      |
  Cisco Virtual Security Gateway                                             | -                    | Included
  Other virtual services (Cisco ASA 1000V, Cisco vWAAS, etc.)                | Available separately | Available separately
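The three Advanced-edition security features in the table (DHCP Snooping, Dynamic ARP Inspection, IP Source Guard) share one mechanism: DHCP snooping builds a binding table of (VLAN, MAC, IP, port) from leases seen on untrusted ports, and DAI and IPSG then drop ARP and IP traffic that does not match it. The following is an added example that models that mechanism in Python; it is not code from the slides or from Cisco. The "frames" are constructed Python dicts rather than real packets, and the port names (Eth1, Veth1, Veth2), VLAN 100, MAC addresses and 10.0.0.0/24 addresses are hypothetical.

```python
"""Toy model of DHCP Snooping, Dynamic ARP Inspection (DAI) and IP Source Guard
(IPSG) as an access switch applies them to VM-facing (untrusted) ports.

Added example, not the original slides' or Cisco's code. Traffic is constructed
inline; ports, VLAN and addresses are hypothetical.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Binding:
    """One DHCP snooping binding: the source of truth for DAI and IPSG."""
    mac: str
    ip: str
    vlan: int
    port: str


@dataclass
class SnoopingSwitch:
    trusted_ports: frozenset                       # uplinks toward the real DHCP server
    bindings: dict = field(default_factory=dict)   # (vlan, mac) -> Binding
    pending: dict = field(default_factory=dict)    # (vlan, mac) -> client port awaiting DHCPACK
    drops: list = field(default_factory=list)      # human-readable drop reasons

    def _drop(self, reason):
        self.drops.append(reason)
        return False

    def dhcp(self, port, vlan, op, src_mac, chaddr, yiaddr=None):
        """DHCP snooping. Returns True if the message is forwarded."""
        src_mac, chaddr = src_mac.lower(), chaddr.lower()
        if op in ("OFFER", "ACK"):
            # Server-side messages are only legitimate on trusted ports (rogue DHCP server defence).
            if port not in self.trusted_ports:
                return self._drop(f"DHCP snooping: rogue {op} on untrusted {port}")
            if op == "ACK":
                # Bind the leased address to the port the client's request arrived on.
                client_port = self.pending.pop((vlan, chaddr), None)
                if client_port is not None:
                    self.bindings[(vlan, chaddr)] = Binding(chaddr, yiaddr, vlan, client_port)
            return True
        # Client messages on untrusted ports: frame source MAC must equal the DHCP chaddr field.
        if port not in self.trusted_ports and src_mac != chaddr:
            return self._drop(f"DHCP snooping: chaddr {chaddr} != src MAC {src_mac} on {port}")
        if op in ("DISCOVER", "REQUEST"):
            self.pending[(vlan, chaddr)] = port
        return True

    def arp(self, port, vlan, sender_mac, sender_ip):
        """DAI: on untrusted ports the ARP sender MAC/IP must match a binding learned on that port."""
        if port in self.trusted_ports:
            return True
        b = self.bindings.get((vlan, sender_mac.lower()))
        if b is None or b.ip != sender_ip or b.port != port:
            return self._drop(f"DAI: ARP {sender_ip}/{sender_mac} on {port} has no matching binding")
        return True

    def ip(self, port, vlan, src_mac, src_ip):
        """IPSG: on untrusted ports IP traffic must carry the (IP, MAC) bound to that port."""
        if port in self.trusted_ports:
            return True
        b = self.bindings.get((vlan, src_mac.lower()))
        if b is None or b.ip != src_ip or b.port != port:
            return self._drop(f"IPSG: {src_ip}/{src_mac} on {port} not in binding table")
        return True


def run_scenario():
    """Constructed traffic: VM-A obtains a lease; VM-B attempts rogue DHCP, ARP spoofing and IP spoofing."""
    sw = SnoopingSwitch(trusted_ports=frozenset({"Eth1"}))   # Eth1: uplink to the DHCP server
    vm_a, vm_b, dhcp_srv = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "00:00:5e:00:53:01"
    r = {}
    r["a_discover"] = sw.dhcp("Veth1", 100, "DISCOVER", vm_a, vm_a)
    r["a_ack"] = sw.dhcp("Eth1", 100, "ACK", dhcp_srv, vm_a, yiaddr="10.0.0.11")
    r["b_rogue_offer"] = sw.dhcp("Veth2", 100, "OFFER", vm_b, vm_a, yiaddr="10.0.0.99")
    r["a_arp_ok"] = sw.arp("Veth1", 100, vm_a, "10.0.0.11")
    r["b_arp_spoof_gw"] = sw.arp("Veth2", 100, vm_b, "10.0.0.1")        # claims the gateway IP
    r["b_ip_spoof"] = sw.ip("Veth2", 100, vm_b, "10.0.0.11")            # VM-A's IP, own MAC
    r["b_ip_spoof_mac"] = sw.ip("Veth2", 100, vm_a, "10.0.0.11")        # VM-A's IP and MAC, wrong port
    r["a_ip_ok"] = sw.ip("Veth1", 100, vm_a, "10.0.0.11")
    return r, sw


if __name__ == "__main__":
    results, switch = run_scenario()
    for name, forwarded in results.items():
        print(f"{name:16s} {'forward' if forwarded else 'drop'}")
    print("\n".join(switch.drops))
```

Two practical consequences follow from the model: a VM with a statically configured address has no snooping binding and is silently dropped by DAI and IPSG until a static binding is added, and the trusted/untrusted classification of the uplink port decides whether the rogue-DHCP check works at all.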
• Cisco CloudLab provides a dedicated cloud-based setup for demonstrations and hands-on labs.
• Access to Cisco CloudLab requires a valid Cisco.com (CCO) account, which can be obtained free of charge. You must also have a Cisco employee as sponsor in order to access Cisco CloudLab.
• URL - http://cloudlab.cisco.com
• Cisco Nexus 1000V (2.1) - General Overview
• Nexus 1000V (1.5.1a) with L3 Mode (Pre-Configured)
  Attaching Virtual Machines to the Cisco Nexus 1000V, VMotion and Visibility, Policy-based Virtual Machine connectivity.
• Lab: Cisco Virtual Security Gateway (VSG) - Introduction
• Demo: Cisco Virtual Security Gateway (VSG) (Pre-Configured)
• Lab: Cisco Nexus 7000 - Introduction to NX-OS
• Lab: Cisco Overlay Transport Virtualization (OTV)
• Virtual Extensible LAN (VXLAN) (Pre-Configured)
• This virtual lab is hosted in Cisco's cloud-based hands-on and demo lab. Within this cloud you are provided with your personal dedicated virtual pod (vPod). You connect via RDP to a so-called "control center" within this host and walk through the lab steps below. All necessary tools to complete this lab can be found in the "control center".
• The username and password to access the Control Center of this vPod are listed below:
  User Name: VPOD\administrator
  Password: Cisco123
• Your pod consists of:
  Two physical VMware ESX servers, named esx01.vpod.local and esx02.vpod.local.
  One VMware vCenter, reachable at vcenter.vpod.local via the vSphere Client.
  One Cisco Nexus 1000V Virtual Supervisor Module, reachable at vsm.vpod.local via SSH.
  One pre-configured upstream switch, to which you do not have access.
Thank you.