TWIPD – Cloud Computing Part II: Virtualization Technology
Orson Yang (楊瑾瑜)
台灣思科網路學會議評會
March 22, 2013
© 2013 Cisco and/or its affiliates. All rights reserved.

• Virtualization
• VMware vSphere
• Cisco Nexus 1000V
• Cisco CloudLab

• According to the definition of the U.S. National Institute of Standards and Technology (NIST), a cloud computing service should have the following characteristics:
  On-demand self-service.
  Broad network access: accessible anytime, anywhere, from any network device.
  Resource pooling shared among many users.
  Rapid elasticity: fast, flexible redeployment.
  Measured service: the service can be monitored and metered.
  The following are generally also regarded as characteristics:
  Rapid deployment of resources, or delivery of services, based on virtualization technology.
  A reduced processing burden on the user's endpoint.
  Reduced dependence on the user's IT expertise.
• How does a cloud computing service achieve these goals?

• Cisco's framework of ten domains, proposed to simplify data center and cloud transformation.

• Software-Defined Data Center (SDDC): all of the data center's infrastructure can be virtualized and then deployed automatically by software, delivering Data Center as a Service.
  Image source: Torsten Volk's post on the EMA Blog, http://blogs.enterprisemanagement.com/torstenvolk/2012/08/16/softwaredefined-datacenter-part-1-4-basics/

• To reach the goal of automation, the SDDC must virtualize the data center's three infrastructure pillars:
  Server virtualization
  Network virtualization
  Storage virtualization
  Image source: Torsten Volk's post on the EMA Blog, http://blogs.enterprisemanagement.com/torstenvolk/2012/08/22/softwaredefineddatacenter-part-2-core-components/

• Using a hypervisor together with Virtual Machine Manager (VMM) software, virtual machines (VMs) are created on physical servers so that compute resources can be scheduled elastically.
• Categories of virtualization:
  Full virtualization: emulates real hardware almost completely, so that software (guest OSs) can run on the VM without modification. Examples: VMware vSphere Server, Microsoft Hyper-V Server.
  Partial virtualization: emulates only part of the hardware environment; software must be modified before it can run on the VM.
  Paravirtualization: performs no hardware emulation at all; instead, software runs in separate isolated domains. Examples: Citrix XenServer, KVM.
  Techniques that use special CPU and chipset designs to improve the performance of hardware virtualization are called hardware-assisted virtualization.
• Internal network virtualization – run by the hypervisor inside the server:
  Virtual NIC
  Virtual switch (Cisco Nexus 1000V)
  Virtual firewall
  Virtual load balancer
  …
• External network virtualization – provided by network devices:
  Virtual LAN (VLAN), Private VLAN
  Virtual Port-Channel (vPC)
  First Hop Redundancy Protocol (FHRP, e.g. HSRP, VRRP, …)
  Virtualized Access Switch
  …

• Storage systems may use virtualization concepts as a tool to enable better functionality and more advanced features within and across storage systems.
• Primary types of virtualization:
  Block virtualization, used in this context, refers to the abstraction (separation) of logical storage (partition) from physical storage so that it may be accessed without regard to physical storage or heterogeneous structure. This separation allows the administrators of the storage system greater flexibility in how they manage storage for end users.
  File virtualization addresses the NAS challenges by eliminating the dependencies between the data accessed at the file level and the location where the files are physically stored. This provides opportunities to optimize storage use and server consolidation and to perform non-disruptive file migrations.
  Source: Wikipedia - http://en.wikipedia.org/wiki/Storage_virtualization

• The VMware vSphere platform consists of the VMware vSphere Hypervisor (ESXi) installed on each host, the VMware vCenter Server central management platform, and the VMware vSphere Client on the administrator's side.

• VMware vCenter Server provides centralized visibility, proactive management and scalability for the virtual infrastructure.
Cisco Nexus portfolio (performance and scalability):
  Cisco Nexus 7000 Series modular data center switches
  Cisco Nexus 5000 Series
  Cisco Nexus 4000 Series Blade Switches
  Cisco Nexus 3000 Series
  Cisco Nexus 1000V Series
  Cisco Nexus 2000 Series Fabric Extenders (FEX)
  Cisco Nexus 1100 Virtual Services Appliance

(Diagram: Cisco Nexus 1100 Virtual Services Appliance hosting a primary and secondary VSM, VSG and NAM, with L3 connectivity to VEM-1 and VEM-2 running on ESX or Hyper-V 3.0 hosts; vPath and VXLAN run in the VEMs, alongside virtual appliances such as Virtual ASA and vWAAS.)
  VSM: Virtual Supervisor Module
  VEM: Virtual Ethernet Module
  vPath: Virtual Service Data-path
  VXLAN: Scalable Segmentation
  VSG: Virtual Security Gateway
  NAM: Network Analysis Module
  DCNM: Data Center Network Manager
  vWAAS: Virtual WAAS
  Virtual ASA: Tenant-edge security
  Imperva SecureSphere Web Application Firewall (WAF)

Cisco Nexus 1000V editions:
  Feature                                                                                   Essential (Free)      Advanced
  Layer 2 switching: VLANs, private VLANs, VXLAN, loop prevention, multicast,
    virtual PortChannels, LACP, ACLs                                                        Yes                   Yes
  Network management: SPAN, ERSPAN, NetFlow 9, vTracker, vCenter Server plug-in             Yes                   Yes
  Enhanced QoS features                                                                     Yes                   Yes
  Cisco vPath                                                                               Yes                   Yes
  Security: DHCP Snooping, IP Source Guard, Dynamic ARP Inspection,
    Cisco TrustSec SGA support                                                              No                    Yes
  Cisco Virtual Security Gateway                                                            Available separately  Included
  Other virtual services (Cisco ASA 1000V, Cisco vWAAS, etc.)                               Available separately  Available separately

• Cisco CloudLab provides a dedicated cloud-based setup for demonstrations and hands-on labs.
• Access to Cisco CloudLab requires a valid Cisco.com (CCO) account, which can be obtained free of charge. You must have a Cisco employee as sponsor in order to access Cisco CloudLab.
• URL - http://cloudlab.cisco.com

• Cisco Nexus 1000V (2.1) - General Overview
• Nexus 1000V (1.5.1a) with L3 Mode (Pre-Configured): attaching virtual machines to the Cisco Nexus 1000V, VMotion and visibility, policy-based virtual machine connectivity.
• Lab: Cisco Virtual Security Gateway (VSG) – Introduction
• Demo: Cisco Virtual Security Gateway (VSG) (Pre-Configured)
• Lab: Cisco Nexus 7000 - Introduction to NX-OS
• Lab: Cisco Overlay Transport Virtualization (OTV)
• Virtual Extensible LAN (VXLAN) (Pre-Configured)

• This virtual lab is hosted in Cisco's cloud-based hands-on and demo lab. Within this cloud you are provided with your personal dedicated virtual pod (vPod). You connect via RDP to a so-called "control center" within this host and walk through the lab steps below. All necessary tools to complete this lab can be found in the "control center".
• The username and password to access the Control Center of this vPod are listed below:
  User Name: VPOD\administrator
  Password: Cisco123

• Your pod consists of:
  Two physical VMware ESX servers, called esx01.vpod.local and esx02.vpod.local.
  One VMware vCenter, reachable at vcenter.vpod.local via the vSphere client.
  One Cisco Nexus 1000V Virtual Supervisor Module, reachable at vsm.vpod.local via SSH.
  One pre-configured upstream switch, to which you do not have access.

Thank you.
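As an added illustration, not taken from the deck or from any Cisco configuration guide: a Nexus 1000V (Advanced edition) VSM configuration fragment that enables the security features listed in the edition table, DHCP Snooping, IP Source Guard and Dynamic ARP Inspection, on a VM-facing port-profile. VLAN 100 and the port-profile names UPLINK and VM-DATA are assumed; the uplink toward the physical network is marked trusted so that legitimate DHCP server replies and ARP traffic are not dropped, while every VM port stays untrusted.

```text
! Assumed VLAN and profile names; adjust to the tenant's own design.
feature dhcp
! Build the DHCP binding table for VLAN 100; IPSG and DAI validate against it.
ip dhcp snooping
ip dhcp snooping vlan 100
! Drop ARP packets whose IP/MAC pair does not match a snooped binding.
ip arp inspection vlan 100

! Uplink toward the physical switch: DHCP servers and the default gateway live here,
! so DHCP replies and ARP from this side are trusted.
port-profile type ethernet UPLINK
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 100
  ip dhcp snooping trust
  ip arp inspection trust
  no shutdown
  state enabled

! VM-facing profile: untrusted by default. A VM that answers DHCP requests,
! sources traffic from an address it was not leased, or spoofs ARP is filtered.
port-profile type vethernet VM-DATA
  vmware port-group
  switchport mode access
  switchport access vlan 100
  ip verify source dhcp-snooping-vlan
  no shutdown
  state enabled
```

Verify the result with `show ip dhcp snooping binding` and `show ip arp inspection statistics vlan 100`; a VM that has not completed a DHCP lease will not appear in the binding table and its traffic is dropped until it does.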