Cloud Computing Testing - ICTC2010
Data center, Cloud infrastructure, Application security, Cloud services
Spirent Communications, Zhang Xiaodong
PROPRIETARY AND CONFIDENTIAL

Spirent Communications
Headquartered in California, USA
More than 1,800 employees worldwide
World-renowned test instrument provider
Leader in the communications test industry
Provides comprehensive, advanced test and analysis solutions for network performance analysis and service assurance

Spirent Communications China
Three representative offices (Beijing, Shanghai, Guangzhou) and four satellite offices (Nanjing, Hangzhou, Wuhan, Shenzhen)
Asia-Pacific and China headquarters located in the Shining Tower (世宁大厦) next to Beihang University, with an investment of USD 10 million and more than 200 employees
Spirent's second-largest lab worldwide is located in China
After-sales Technical Assistance Center (TAC) and repair center in China
After-sales service hotline: 400-810-9529
After-sales service e-mail: Supportchina@spirent.com
Global Service team in China:
• Professional certification training (SCPA, SCPT, SCPE): in cooperation with Tsinghua University, Southeast University and other universities in China, Spirent Academy professional certification training and examination centers have been established.
• Automation development and training services: more than 10 full-time automation engineers provide automation platform and test case development, automation training and related services. Typical successfully delivered projects include the automation platform for ZTE's data division, the VTP automation platforms for Huawei and H3C, and the GT3000 automation platform for Huawei.
• Test services: important test services for carriers such as China Telecom, China Netcom, China Mobile and China Unicom, and for large private networks. Strategic partnerships with national key laboratories (Transmission Institute / Data Institute).

[Figure: test coverage areas: Security, Applications, VoIP, QoS, Virtualization, Routing, 40G, 100G, IPv6, IPTV]

Agenda
Cloud computing overview
Spirent Communications cloud computing test solutions
• Data center and cloud infrastructure testing
  Core LAN & SAN Fabric
  Virtual Server LAN & SAN Access
  Inter Cloud connect
• Application security and cloud services testing
  Security Services
  Application delivery and optimization
  X as a Service
Test application examples

Cloud computing overview
Broadband network access
Rapid elasticity and scalability
Pay per use
On-demand self-service
Resource pooling
Definition from the National Institute of Standards and Technology (NIST): "Cloud computing is a model for convenient, on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort and provider interaction."

Cloud computing overview: Power usage effectiveness
Proposed by The Green Grid, an industry organization focused on data center energy efficiency
PUE is the metric used to measure the energy efficiency of a data center
PUE = total power consumed by the data center / power consumed by IT equipment
The PUE of a modern data center is about 1.21
The latest survey shows that the average data center PUE is 2.5
Data Center Infrastructure Efficiency (DCIE), expressed as a percentage: DCIE = power consumed by IT equipment / total power consumed by the data center
[Figure: a typical data center (switching equipment, UPS, cooling equipment, communications equipment, servers, storage); Battersea Power Station; Solar Power Seville]

Cloud computing overview: Multi-core & Virtualization enabling the cloud
Past: IaaS on a single host
Now: one server supports 16-48 VMs
• 4 to 8 core server
By year end: one server supports 96+ IaaS
• 32 cores
• 64 threads

Cloud computing overview: Network stack in the cloud
Server/Hypervisor – physical LAN & SAN connectivity (L1-2)
Infrastructure – virtual LAN & SAN connectivity (L2-3)
• IaaS: virtual server with Linux or Windows installed
Platform – application transactions (L4-6)
• PaaS: web hosting, database server
Software – user content (L7)
• SaaS: webmail, productivity apps
[Figure: SaaS, PaaS and IaaS stacks on top of Server/Hypervisor]

Key test drivers: Cloud network performance
Greater stress on both virtual and physical infrastructure
Access network oversubscription ratio moves from 1:20 to 1:4 to 1:1, non-blocking
Periodic network congestion is hard to prevent
Different services place ever higher demands on quality of service (QoS)
• VLAN Priority and IP ToS/DiffServ
Regardless of whether the customer's service is local or spans infrastructure

Key test drivers: Cloud network availability
Live Migration
• Migrate IaaS VMs without powering down
Automated resource scheduling
• Automatically schedule and migrate IaaS VMs according to load
High availability
• Quickly restart IaaS VMs on hardware failure
The 'killer apps' for cloud data centers
• High load and high bandwidth consumption

Key test drivers: Cloud network security
Enterprise application transactions cross the network many times
[Figure: application tiers: Apache, WebSphere, MySQL, IIS, .NET, Oracle]
Multiple security options
• At the WAN
• At aggregation or core
• Virtual security appliances

Key test drivers: Cloud network scalability
Virtual cloud networks: 100x scale and complexity
• New network elements – virtual appliances such as virtual switches and firewalls
480,000 IaaS virtual machines (VMs)
• 480,000 MAC and IP addresses
Application and network traffic grows exponentially
• Inside the cloud or external
[Figure: Virtual Cloud, Access, Aggregation/Core]

Key test drivers: Unknowns of Cloud Services
Performance
• What makes or breaks the quality of experience?
Availability
• How do virtual appliances affect availability?
Security
• Are adjacent cloud services security threats?
Scale
• Will physical & virtual appliances scale the same?

Spirent cloud computing test solutions: Remove the Cloud Unknowns
Performance
• Realism
• Quality of Experience
Availability
• Fail over
• Live migration
Security
• Encryption
• Simultaneous threats
Scale
• Subscribers
• Cloud TCO

Spirent cloud computing test solutions
Data center & cloud infrastructure
• Core LAN & SAN Fabric
• Virtual Server LAN & SAN Access
• Inter Cloud connect
Application security & cloud services
• Security Services
• Application Delivery Optimization
• X as a Service
End-to-end performance testing

Core LAN & SAN Fabric: Overview of the Market Trends
High-density non-blocking fabric with hundreds to thousands of 10GbE ports
Any-to-any latency at maximum throughput is at the microsecond level
FC and FCoE interfaces connect devices to the core fabric
IEEE Data Center Bridging (DCB): enhanced Ethernet performance, no packet loss
Support for 10,000s of virtual machine MAC addresses
40G/100GE line cards become standard components in 2011
Vendor 10G port counts: Juniper 128x 10G, Arista 384x 10G, Cisco 256x 10G, Brocade 256x 10G, HP/3Com 144x 10G, Voltaire 288x 10G

Core LAN & SAN Fabric: Test application examples (Overview of the use case)
Performance
• Fabric Throughput – RFC 2544 LAN, Draft DCB SAN & Converged
Availability
• Fabric Latency – RFC 2544 LAN, Draft DCB SAN & Converged
Security
• Fabric Access Control
Scalability
• Fabric Address Capacity – RFC 2889 LAN, SAN

Virtual Server LAN & SAN Access: Overview of the Market Trends
Server consolidation > virtualized servers and I/O
LAN/SAN convergence at server access
Dynamic management of blade servers and chassis

Virtual Server LAN & SAN Access: Test application examples (Overview of the use case)
Performance
• LAN & SAN Throughput – Virtual, Blade and Top of Rack switching
Availability
• QoS during Live Migration & vMotion
Security
• Virtual, Blade and ToR LAN and SAN switch Access Control
Scalability
• LAN MAC and SAN N_Port address capacity
[Figure: STC 1G-100G LAN & SAN I/O; real SCSI target]

Inter Cloud connect: Overview of the Market Trends
Cloud providers seek to deliver end-to-end service from the data center cloud to the end user
Services span data centers and carrier networks and require redundancy, reliability, high capacity and resource balancing
New technologies must not only carry Layer 2 data center traffic but also add more Layer 3 functions

Inter Cloud connect: Test application examples (Overview of the use case)
Performance
• Inter Cloud and Fabric Extension Throughput
Availability
• Live Migration WAN link QoS/QoE distance impact
Security
• Leakage and separation of services
Scalability
• Capacity of routing/VPN protocols
[Figure: STC 1G-100G LAN & SAN I/O; real SCSI target]

Security Services: Market trends (Overview of the network)
High-end data centers need high-performance appliances: 350,000/s new-connection rate, 10 million+ concurrent connections
Hypervisor-based virtual security appliances
Mixed deployment of physical and virtual appliances: part of the load is offloaded to virtual firewalls
[Figure: IDS/IPS, Firewall; Virtual Security Firewall, IDS/IPS]

Security Services – Firewall/IDS/IPS: Test application examples (Overview of the use case)
Performance
• Maximum firewall bandwidth throughput
• Maximum new connections per second
Availability
• Application response time at maximum throughput
• Impact of live migration on application response time
Security
• Impact on performance of DDoS attack
• Signature-based attack mitigation cause and effect at load
Scalability
• Maximum number of concurrent connections/sessions
• Number of concurrent connections at maximum throughput
[Figure: IDS/IPS, Firewall; Virtual Security Firewall, IDS/IPS]

Application Delivery Optimization: Market trends (Overview of the network)
High-performance physical appliances: application acceleration, load balancing, rate shaping, SSL offloading
Hypervisor-based virtual ADC appliances: a single virtual WAN accelerator can support 50,000 concurrent connections
Mixed deployment of physical and virtual appliances: F5 Local Traffic Manager (LTM) has released a Virtual Edition (VE) that can work together with hardware appliances
[Figure: Router, WAN Optimizer, Load balancer; Virtual ADC App Optimizer & Load balancer]

Application Delivery Optimization: Test application examples (Overview of the use case)
Performance
• Throughput of physical and virtual ADC
• Throughput of physical and virtual WAN Optimizer
Availability
• Are advanced WAN accelerator policies working?
• If the load balancer goes down, what happens to the incoming requests?
Security
• Impact of specific threats on physical and virtual appliances
• Impact of load on security policies
Scalability
• Number of concurrent connections/sessions – Secure and Clear
• Number of connections/sessions per second
[Figure: Router, WAN Optimizer, Load balancer; Virtual ADC App Optimizer & Load balancer]

X as a Service: Overview of the Market Trends
AT&T, Verizon, NTT, Fujitsu, CHTTL, China Telecom, China Mobile, Korea Telecom, Telstra, Orange, BT, DT, KPN, Telefonica, Telecom Italia, Telia Sonera, China's broadcasting and TV network operators (广电)
Terremark, Savvis, Amazon, Microsoft, Google, Alibaba
Expected to be a $35B market by 2013

Platform and Software as a Service: Market trends (Overview of the network)
Test the performance of real application servers
Services offered include:
• Platform as a Service
• Software as a Service
• Storage as a Service – CIFS and NFS
[Figure: virtualized servers hosting IaaS, PaaS, SaaS]

Platform and Software as a Service: Test application examples (Overview of the use case)
Performance
• Response time of Software as a Service Web application
• CIFS and NFS Storage as a Service throughput
Availability
• Impact of live migration on application response times
• Impact on streaming media during live migration
Security
• Service authentication and login
Scalability
• XaaS maximum number of concurrent users/sessions
• XaaS number of users/sessions per second
[Figure: virtualized servers hosting IaaS, PaaS, SaaS]

Virtualization
Efficient virtualization uses a lightweight hypervisor (Type 1) on bare metal.
Advantage: very efficient and fast
Disadvantage: more tightly bound to specific hardware platforms
[Figure: UNIX, Linux and Windows virtual machines on a hypervisor]

How to test: data center and cloud infrastructure
[Figure: real-world LAN; UNIX, Linux and Windows virtual machines and a virtual switch on a hypervisor; virtualized Spirent Test Center; physical Spirent Test Center]

How to test: application security and cloud services
L4-7 application-layer emulation generates realistic load
[Figure: UNIX, Linux and Windows virtual machines on a hypervisor]

Example: potential problems with a single I/O
Solution: add I/O to solve the problem
[Figure: UNIX, Linux and Windows virtual machines on a hypervisor; server load; VHDDs; CNA/HBA adapters; SAN I/O; Internet; HDDs]

Example: application load exhausts memory
Emulate realistic application load traffic to access the services
[Figure: UNIX, Linux and Windows virtual machines on a hypervisor]

Example: live migration and performance
Run application access tests during the migration
[Figure: applications on UNIX, Linux and Windows virtual machines across two hypervisors]

Spirent Communications cloud computing test solutions
Data center, application and security, cloud infrastructure and cloud services
Virtualization, 1GE/10GE, 2/4/8G FC and 40/100GE

Platform and Software as a Service: Test report (Overview of the use case)
Scalability: 410 HTTPS user sessions initiated in 2 minutes
Performance: what is the impact of CPU load on other users?
Full details: http://www.spirent.com/White-Papers/Broadband/PAB/EANTC_CloudComputing_Whitepaper.aspx

Platform and Software as a Service: Test report (Overview of the use case)
Availability: live migration
Full details: http://www.spirent.com/White-Papers/Broadband/PAB/EANTC_CloudComputing_Whitepaper.aspx

Media articles (SECURITY IS HOT)
Spirent Pushing New Testing for Cloud Security (Headline) - http://www.lightreading.com/document.asp?doc_id=196162&f_src=lightreading_gnews
Making security a top priority in cloud - http://connectedplanetonline.com/topics/cloud-computing/cloudsecurity-priority-082010/