
Unified Networking with Cisco* Virtualized Multi-Tenant Data Center*

AUDIENCE AND PURPOSE


Cloud computing offers a path to greater scalability and lower costs for service providers, infrastructure hosting companies, and large enterprises. The establishment of an infrastructure that can provide such capabilities requires experience. Intel has teamed up with leading cloud vendors through the Intel® Cloud Builders program to help any customer design, deploy, and manage a cloud infrastructure.
The Intel Cloud Builders program provides a starting point as it supplies a basic hardware blueprint and available cloud software management solutions such as the Cisco* Virtualized Multi-Tenant Data Center (VMDC). You can use the use cases described in this paper as a baseline to build more complex usage and deployment models to suit specific customer needs.
We wrote this paper for cloud service providers, cloud hosters, and enterprise IT who want to realize revenue potential as they maximize their existing data center infrastructure to offer cloud computing services to their customers or internal users.
Intel® Cloud Builders Guide
Intel® Xeon® Processor-based Servers
Unified Networking with Cisco Virtualized Multi-Tenant Data Center*
Intel® Xeon® Processor 5500 Series
Intel® Xeon® Processor 5600 Series
Intel® Cloud Builders Guide: Cloud Design and Deployment on Intel® Platforms
Table of Contents
Executive Summary
Introduction
ISV Product Implementation Overview
Testbed Blueprint Overview
  Hardware and Software Description
  Processor Description
  Parallelism
  Intel® Turbo Boost Technology
  Intel® Hyper-Threading Technology
  Intel® QuickPath Technology
  Intel® Intelligent Power Technology
  Intel® Virtualization Technology (Intel VT)
  Intel® Advanced Encryption Standard (Intel AES) Technology
  Intel® Trusted Execution Technology (Intel® TXT)
  Data Center Design with Pod Building Block
Technical Review
  Installation Overview
  Use Case Details
  Unified Networking
  Multi-tenancy
  Execution and Results
  Network Segmentation and Isolation
  Aggregation and Sub-Aggregation Layers (Services VDC Sandwich Design)
  Storage Layer
  Storage Component
  Scenario to Address
  LUN Masking (via SMC)
  Software Configuration
  VSANs
  Zoning
  N-Port ID Virtualization (NPIV)
  N-Port Virtualizer (NPV)
  PortChannel
  Summary of Device Configurations
  VSAN
  Zone/Zoneset
  PortChannel
  Device Alias
  Storage Layer NAS
  Architecture overview
  Scenario to Address
  Software Configuration
Next Steps
Things to Consider
  Design Considerations
  Unified Network
  Cloud Tenants and Service tiers
  Secure Tenant Separation
  Network Separation
  Compute Separation
  Storage Separation
  Data Center Scalability
  High Availability
  Service Assurance
Glossary
Intel® Cloud Builders Guide for Unified Networking with Cisco* Virtualized Multi-Tenant Data Center*
As the storage capacity requirements continue to expand, and as the availability and performance demands continue to increase, the ability to maximize industry standard platforms and protocols brings lower cost and simplification to the data center network design.
This paper focuses on the design of converged fabrics to meet the needs of the multi-tenant, cloud data center.
ISV Product Implementation Overview
The implementation describes a reference Infrastructure-as-a-Service (IaaS) architecture that brings together core products and technologies from Cisco, Intel, and ecosystem partners to deliver a comprehensive, end-to-end cloud solution. Focused on IaaS cloud deployment, the Cisco Virtualized Multi-Tenant Data Center (VMDC) solution provides customers with robust, scalable, and resilient options for cloud data center deployments.
This Cisco-driven, end-to-end architecture defines how to provision flexible, dynamic pools of virtualized resources that you can share efficiently and securely among different tenants, and provision quickly through process automation. Process automation reduces resource provisioning and improves time-to-market (TTM) for IaaS-based services. Shared resource pools consist of virtualized Cisco unified compute and virtualized storage area network (SAN) and network attached storage (NAS) storage platforms connected through the use of Cisco data center switches and routers.
This solution presents design and implementation guidance for a private or public IaaS cloud data center. The intended deployment uses a multi-tenant, differentiated service tier model.
When network architects design an IaaS architecture and the shared resource pools, they should consider the following design goals.
Executive Summary
The construction of a multi-tenant cloud by using a virtualized infrastructure implies that the infrastructure is effectively uniform throughout the data center. IT administrators use this design in large data centers not only to simplify the design and maintenance of the data center, but also to ensure consistent performance regardless of where the application is hosted in the data center. Therefore, to the closest approximation, all servers are equal (from the perspective of the ability to host the workloads), all storage is uniformly accessible, and connectivity is uniform across the data center. The challenge in connectivity, of course, is to provide the connections to data and storage at low cost and to ensure delivery of the necessary bandwidth at sufficiently low latencies to meet the expectations of the workloads being hosted.
The emergence of 10 GbE fabrics has enabled the design of data center compute, storage, and connectivity to all use a common fabric. Data centers no longer require a separate fabric for storage and another for all other traffic. This convergence onto a single fabric has far reaching consequences, all of which yield simplification and delivery of the expected performance.
To make this transition approachable, this paper describes in some detail how to implement a multi-tenant data center through use of a single 10 GbE network fabric. Because this paper is only a starting point, it also includes Things to Consider that can inform on the options available to make the best choices in the design.
Introduction
The transition to a converged fabric is the result of the evolution of network technology to the point where a single fabric has sufficient throughput, low enough latency, and low cost to be the only means for connectivity in a data center. Cisco and Intel are uniquely positioned to deliver on the promise of improved efficiency and simplification for unified networking. Our years of collaboration to solve the most demanding requirements in the enterprise enabled this transition to 10 GbE as a converged fabric.
Now, as the benefits of cloud architectures continue to emerge, we have a huge demand for use of the convergence to deliver a flexible, scalable, and performant fabric for the data center. Imagine a data center where tens of thousands of servers host many tens of thousands of workloads. To achieve the low cost of service delivery expected by the customers, we require a high degree of automation. In this data center with tens of thousands of servers, the only practical way to deliver the required level of automation is when the compute, network, and storage are completely uniform. When any one server, storage, or network element requires special attention, then the automation has a special case. Every special case represents a point of risk as we maintain and expand the system over the years. Without the use of a converged fabric, we have one of these special cases: the storage and the connectivity require tight coordination through very different fabrics and management infrastructures.
The emergence of 10 GbE provides us with the opportunity to converge to one fabric. Therefore, a response to this converged networking solution stack is a critical next step for data center managers.
The inclusion of storage in the common fabric brings with it the opportunity to extend storage access through the use of industry standard protocols such as iSCSI (SCSI protocol over TCP/IP) and fiber channel over Ethernet (FCoE).
Secure separation - Provides end-to-end tenant path isolation and security. Several security techniques at different layers of the network or infrastructure isolate tenants from each other. For example, we use virtual route forwarding instances (VRFs) at Layer 3 to stop communication between tenants at the layer 3 domain. Likewise, we use similar isolation features at compute and storage layers to provide complete isolation of tenants in a shared infrastructure.
Data center scalability - A point of delivery (Pod)-based architecture provides network architects the ability to modularize the infrastructure into easily replicable units. These units are called Pods. Architects can plan for an initial Pod, which guarantees a certain scale and performance along with a scalable data center core network. This architecture provides a predictable and homogeneous method to add self-contained Pods as additional resources are needed.
High availability - Availability ensures cloud resources accessibility even during a failure situation. We require availability to meet the expectations of service level agreements (SLAs) in a cloud deployment.
Service assurance - Provides mechanisms to define different service levels and defines how to adhere to them through the use of network quality of service (QoS) techniques during both steady and non-steady states. To differentiate IaaS service tiers, network architects can reserve and guarantee certain network bandwidths based on their subscription rules for the tier. For example, you can guarantee a Gold tenant with 1 Gb of bandwidth per virtual machine (VM) whereas a Silver tenant only gets 0.5 Gb per VM.
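The secure separation goal above depends on every tenant's Layer 3 interfaces sitting in that tenant's own VRF. The following audit is an added example, not part of the original guide or of any Cisco tooling: it checks a constructed NX-OS-style configuration fragment for routed interfaces left in the default VRF and for VRFs shared by more than one tenant. The tenant names, VLAN numbers, addresses and the ownership inventory are assumptions.

```python
import re
from collections import defaultdict

# Constructed NX-OS-style fragment for illustration (not from the guide).
# Tenant names, VLAN numbers and addresses are assumptions.
SAMPLE_CONFIG = """\
vrf context tenant-a
vrf context tenant-b
interface Vlan101
  description tenant-a web
  vrf member tenant-a
  ip address 10.1.1.1/24
interface Vlan102
  description tenant-a db
  vrf member tenant-a
  ip address 10.1.2.1/24
interface Vlan201
  description tenant-b web
  vrf member tenant-a
  ip address 10.2.1.1/24
interface Vlan202
  description tenant-b db
  ip address 10.2.2.1/24
"""

# Assumed inventory: which tenant owns each routed interface.
INTERFACE_OWNER = {
    "Vlan101": "tenant-a",
    "Vlan102": "tenant-a",
    "Vlan201": "tenant-b",
    "Vlan202": "tenant-b",
}


def parse_interfaces(config):
    """Return {interface: {"vrf": name or None, "routed": bool}}."""
    interfaces = {}
    current = None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            # A top-level command starts a new block; only track interfaces.
            match = re.match(r"interface\s+(\S+)", line)
            current = match.group(1) if match else None
            if current:
                interfaces[current] = {"vrf": None, "routed": False}
            continue
        if current is None:
            continue
        sub = line.strip()
        match = re.match(r"vrf member\s+(\S+)", sub)
        if match:
            interfaces[current]["vrf"] = match.group(1)
        elif sub.startswith("ip address "):
            interfaces[current]["routed"] = True
    return interfaces


def declared_vrfs(config):
    """Names that appear in 'vrf context <name>' statements."""
    return set(re.findall(r"^vrf context\s+(\S+)", config, flags=re.M))


def audit(config, owners):
    """Return a list of (object, problem) tuples; empty means no findings."""
    findings = []
    vrfs = declared_vrfs(config)
    tenants_per_vrf = defaultdict(set)
    for name, info in sorted(parse_interfaces(config).items()):
        if not info["routed"]:
            continue
        owner = owners.get(name)
        if owner is None:
            findings.append((name, "routed interface has no owner in inventory"))
            continue
        if info["vrf"] is None:
            # No 'vrf member' line: the interface routes in the default VRF.
            findings.append((name, "routed interface is in the default VRF"))
            continue
        if info["vrf"] not in vrfs:
            findings.append((name, "interface references undeclared VRF " + info["vrf"]))
        tenants_per_vrf[info["vrf"]].add(owner)
    for vrf, tenants in sorted(tenants_per_vrf.items()):
        if len(tenants) > 1:
            findings.append((vrf, "VRF shared by tenants: " + ", ".join(sorted(tenants))))
    return findings


if __name__ == "__main__":
    for obj, problem in audit(SAMPLE_CONFIG, INTERFACE_OWNER):
        print(f"{obj}: {problem}")
```

In the sample, Vlan202 has no VRF membership and Vlan201 was placed in the other tenant's VRF, so both tenants would share a routing table.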
Testbed Blueprint Overview
Hardware and Software Description
We list the hardware components within the Cisco VMDC in Table 1. They include networking (routing, switching), network services (firewall, load-balancing, intrusion detection), server computing, server virtualization,[1] SAN storage and system-level orchestration and management software.
Processor Description
Cisco UCS B-Series* blade servers support the following Intel® Xeon® processors[2]:
Intel® Xeon® Processor 5500 Series* (2 or 4 cores per processor)
Intel® Xeon® Processor 5600 Series* (4 or 6 cores per processor)
Intel® Xeon® Processor 6500 Series* (4, 6, or 8 cores per processor)
Intel® Xeon® Processor 7500 Series* (4, 6, or 8 cores per processor)
The following sections describe key Intel processor technologies that enable implementation of virtualized multi-tenant data centers.
Parallelism
Intel® enterprise servers include multiple processors and multiple computation engines to enable high-performance computing. The typical server model for most server applications includes two-socket servers. Server workloads that require higher performance typically use four-socket systems. If you need more processing power for the server workload, the number of processors per server can be increased.
Intel® Turbo Boost Technology
Intel® Turbo Boost Technology allows processors to deliver higher speed execution on demand by using available power to run at a higher frequency.
Intel® Hyper-Threading Technology
Many server applications lend themselves to parallel, multi-threaded execution. Intel® Hyper-Threading Technology enables simultaneous multi-threading within each processor core, up to two threads per core. Hyper-threading reduces computational latency, which makes optimal use of every clock cycle. For example, while one thread waits for a result or event, another thread executes in that core. In this way, hyper-threading maximizes the work from each clock cycle.
Intel® QuickPath Technology
Intel® QuickPath Technology is a scalable, shared memory architecture that delivers a high memory bandwidth to enable top performance for bandwidth-intensive applications. It provides high-speed, point-to-point connections between processors, and between processors and the I/O hub. Each processor has its own dedicated memory, which it accesses directly through an integrated memory controller. In cases where a processor needs to access the dedicated memory of another processor, it can do so through a high-speed Intel® QuickPath Interconnect (Intel® QPI) that links all the processors.
Figure 1. VMDC Building Blocks (diagram labels: Compute, Storage, Network, Virtualized Shared Resources, Service Orchestration)
Table 1. Components of the VMDC Pod Resource Pool
Features: Components
Network: Cisco Nexus 5010*; Cisco Nexus 7010*; Catalyst 6509*; Data center Services Node 6509-E (VSS - Virtual Switching System)*; Cisco Nexus 2148T (FEX)*; Cisco Firewall Service Module* (FWSM) (for Catalyst 6500*); Application Control Engine Module* for Catalyst 6500
Compute: Cisco Unified Computing System* (UCS); UCS 5108 Blade Server Chassis*; UCS Blade Server*; UCS M61KR-I Intel Converged Network Adapter* (CNA); UCS M81KR Virtual Interface Card* (VIC); Cisco UCS 6120*, Cisco UCS 6140* fabric interconnect
Virtualization: VMware vSphere*; VMware ESXi 4.0U1 Hypervisor*; Intel® Virtualization Technology (Intel® VT-x, Intel® VT-d, Intel® VT-c); Cisco Nexus 1000v* (virtual access switch)
Security: Cisco Firewall Services Module*; Cisco Application Control Engine* (ACE); VMware vShield*; NetApp vFiler* and Virtual Service Domains*; Cisco MDS* soft zoning and VSANs; Cisco Nexus 1000V
Storage Fabric: Cisco MDS 9506*, Cisco MDS 9513* (Director) and MDS 9148*, MDS 9134*
Storage Array: EMC2 Symmetrix VMax* with virtual provisioning
Orchestration/Management: BMC Atrium Orchestrator*; VMware vCenter*; Cisco UCS Manager*; BMC BladeLogic for Server/Network*; BMC Remedy IT Service Management Suite*
Discrepancy Analysis: Determines if configuration deltas exist within the Cisco content services gateway (CSGs) defined in the server farm. Provides a report with found discrepancies, shows any divergent Cisco IOS* Software CLIs between Cisco CSGs
Intel® Intelligent Power Technology
Within a single server, Intel® Intelligent Power Technology minimizes power consumption when server components are not fully utilized. Integrated power gates allow for reduction of individual idling cores to near-zero power independent of other operating cores. Automated low-power states automatically put processor and memory into the lowest available power states that will meet the requirements of the current workload. More CPU power states enhance processors, including a number of lower power states, and the memory and I/O controllers have new power management features.
Intel® Virtualization Technology (Intel® VT)
Intel® Virtualization Technology (Intel® VT) enhances virtualization performance with new hardware assist capabilities across the following elements of the server:
Processor. Intel® VT-x provides hardware-assisted page-table management that allows guest operating systems more direct access to the hardware and that reduces compute-intensive software translation from the VM. Intel VT-x also includes Intel® VT FlexMigration and Intel® VT FlexPriority, which are capabilities for flexible workload migration and performance optimization across the full range of 32-bit and 64-bit operating environments.
Chipset. Intel® VT-d helps speed data movement and eliminates much of the performance overhead because it gives designated virtual machines their own dedicated I/O devices, which reduces the overhead of the virtual machine manager (VMM) required to manage I/O traffic.
Network Adapter. Intel® VT-c enhances server I/O solutions because it integrates extensive hardware assists into the I/O devices that are used to connect servers to the data center network and storage infrastructure. Two technologies comprise Intel VT-c: Virtual Machine Device Queues, which accelerates throughput and reduces the load on the VMM and server processors, and Peripheral Component Interconnect Special Interest Group (PCI-SIG) single root I/O virtualization (SR-IOV), which delivers near-native throughput and provides dedicated, direct connectivity between VMs and hardware resources.
Intel® Advanced Encryption Standard (Intel® AES) Technology
Intel® Advanced Encryption Standard Technology enables robust encryption without the need for additional appliances and increased performance overhead. This technology improves CPU performance for encryption by as much as 52 percent for secure Internet transactions and allows broader use of encryption throughout the data center.[3]
Intel® Trusted Execution Technology (Intel® TXT)
Intel® Trusted Execution Technology (Intel® TXT) addresses a critical security need for all server deployments, especially virtualized and cloud-based use models, because it helps to protect servers prior to OS launch or hypervisor launch. Intel® TXT complements other malware protections such as antivirus and intrusion detection to help ensure that only trusted software is on the platform. Intel® TXT also helps protect VMs on trusted platforms so that you can more easily migrate them onto other trusted platforms or use them to create pools of platforms with trusted hypervisors.
Data Center Design with Pod Building Block

Cisco VMDC architecture, based on Pod, provides network architects the ability to modularize the infrastructure into easily replicable units called Pods. Architects can plan for an initial Pod, which guarantees a certain scale and performance along with a scalable data center core network. This architecture provides a predictable and homogeneous method to add self-contained Pods as you need additional resources. The test bed that is used for this reference architecture uses a data center built with the use of Pod.

All of the equipment defined in this document is in operation at Cisco Solution Labs in San Jose, CA and Research Triangle Park, NC. The equipment in the labs is typically in two configuration sizes: compact Pod and expanded Pod. The compact Pod allows Cisco to rapidly validate the solution as well as to deliver an entry-level price-point for customers, and the expanded Pod allows Cisco to test the system at a larger scale. Visibility to the solution will soon be available within Cisco's Customer Proof of Concept labs.

This view, in Figure 2, shows the physical rack layout of a Cisco VMDC Pod (network/compute/storage), as well as the aggregation and core network elements. NOTE: This is a typical rack layout, although specific customer layouts may vary based on environmental considerations within individual data centers.

Figure 2. Physical Rack View of VMDC Pods

Racks 1 and 2 - Provide connectivity to non-Cisco UCS computing resources (through the Nexus 2148*) and aggregation-layer services (through the Catalyst 6500*). They provide high bandwidth interconnect (10 Gb scalable up to multiple 100 Gb links) and security, load-balancing, and segmentation services.

Racks 3 and 4 - Provide both core-level network services (through the Nexus 7000*), but also top-of-rack (ToR) aggregation services for Cisco UCS* and non-Cisco UCS computing services or other access-layer devices.

Racks 5, 6 and 7 - Provide unified computing services (through Cisco UCS) and access to both SAN and NAS storage.

Rack 8 - Provides SAN storage.

Figure 3 shows a diagram of the physical level view of the Cisco VMDC Pod. The Pod uses Cisco Data Center best practices for core, aggregation and access-layer networking, security, isolation and QoS. The server computing, server virtualization, and SAN storage components are attached at the access layer. Each layer of the VMDC architecture supports the ability to segment and isolate traffic by user or class-of-service.

Figure 3. Cisco VMDC Pod Logical Topology (includes layers of the network)

Core/aggregation layer - Provides core routing functionality over high-speed links, which brings together multiple aggregation layer areas within the data center.

Services layer - Provides security, load balancing, traffic inspection, and routing services to multiple access layer users and devices. These services are run at the services layer on highly available platforms so that high-speed packet switching can move to the core layer.

NAS/Network File System (NFS) storage layer - Provides IP connectivity to NAS/NFS storage services for virtual machines (NFS) or user-shared data (NAS/common Internet file system (CIFS)). This is typically considered similar to an access layer, with both 1 GbE and 10 GbE connectivity.

Access layer - Provides aggregation of computing devices and other endpoints (wireless access points, printers, etc.) through 100 Mb/1 Gb/10 Gb links. The segmentation (through virtual local area networks (VLANs)) that provides multi-tenancy capabilities across the network is overlaid on the access layer. A combination of both data (LAN) and storage (SAN/NAS) protocols is within the access layer.

Compute layer - Provides connectivity to Cisco UCS, which hosts virtualized (e.g., VMware) and non-virtualized business applications. You can dedicate computing resources within the Cisco UCS to a specific application or share them among many applications. You can dedicate UCS resources to a specific user or share them with many business groups. Access to Cisco UCS is through unified 10 GbE links that can carry both LAN and SAN traffic.

SAN storage layer - Provides fiber channel (FC), iSCSI, or fiber channel over Ethernet (FCoE) connectivity to SAN storage. Uses zoning and logical unit number (LUN) masking to extend isolation capabilities to VMDC for multitenancy.

Figure 4 shows the physical 10 GbE connectivity between the layers within the Cisco VMDC. The figure highlights the VDC functionality that provides network-centric services to both the access and core layers through the aggregation layer.

Many customers will need to expand their cloud capacity, so it's important to understand how multiple Cisco VMDC Pods interconnect within the data center. Figure 5 shows a logical view of multiple Pods and how they interconnect into the broader network. Figure 5 highlights how you can deliver multiple classes of service to a shared infrastructure in a multi-tenant environment.

Technical Review

Installation Overview

In general terms, an installation of Cisco VMDC will accomplish the following tasks:

• Prepare the physical environment. VMDC Pod is made up of equipment that will fill multiple standard equipment racks. We listed the equipment in Figure 2.
• Prepare the cabling between the equipment, including Cat5/6, Twinax and Fiber cabling to interconnect the servers, network, and storage.
• Prepare the system addressing and naming, including IP addressing, storage addressing, and DNS naming.
• Prepare the computing environment, including identification of application images for virtualization, operating systems, applications, and the associated storage (LUNs, file systems) and networking.
• Configure the elements within the VMDC architecture.
• Enable and configure the system management, network management and system orchestration.

Figure 4. VMDC Pod, Physical Layout - 10 Gb Access Layer

Use Case Details

This paper focuses on unified networking and multitenancy use cases.

Unified Networking:

Enterprise data center networks are complex systems. We typically connect servers in the data center to several different networks for diverse functions such as production traffic, backups, storage, management, and VM migration. While Ethernet is the predominant networking technology in use, many data centers utilize FC technology for their storage network. If the traffic load demands it, individual network ports are aggregated to provide more capacity for a particular function. These practices result in many network connections for each server and require the corresponding cables and switch ports to support them. Up to 6-12 network connections are common for a virtualized server today, which impacts the data center CapEx and OpEx due to the overall complexity of this arrangement.

The transition to 10 GbE allows consolidation of multiple separate Ethernet ports into fewer 10 GbE ports which greatly simplifies the data center network, reduces costs, and simultaneously provides greater overall platform networking bandwidth capability. If you have used FC in the past, you can use this additional Ethernet capacity effectively to consolidate separate storage network traffic onto a common 10 GbE unified networking infrastructure which drives an even simpler and more cost effective data center. 10 GbE consolidation and unified networking can greatly simplify network management.

Multitenancy:

Multitenancy refers to the capability of the data center to host multiple customers such that the resources for each customer (network, storage, and compute) are logically separate from other customers' resources, with security separating them. This is a critical attribute of any cloud computing deployment, as it is one of the key items that differentiates cloud computing and IaaS from collocation or dedicated infrastructure for each application. It is relevant in public clouds that host multiple customers with the same or different service-level requirements, and in private clouds in which multiple departments or organizations share the same cloud infrastructure. You must support different degrees of multi-tenancy throughout the data center.

The data center architecture should balance logical and physical segmentation. You assign unique resources to each tenant in a modular data center. These resources include different policies, pools, and QoS definitions. Virtualization at different layers of a network allows the infrastructure to provide logical isolation without the dedication of physical resources to each customer.

A scalable data center that supports multi-tenancy architecture should include:

• Modular, multi-tenant data center design with data center infrastructure modules optimized for different scale and cost points
• Service orchestration for on-demand provisioning of resources
• Service-tier based design to allow for differentiated services
• Workload mobility and disaster recovery capability for business continuance
• Security at each layer of the data center

Execution and Results

Once you build the physical and logical environment within the data center, the next set of tasks focuses on validation of the architecture. Since the Cisco VMDC brings together dozens of technology elements, the breadth of use cases is very large. Table 2 highlights the main areas of attention that cloud architects and IT operations should focus on to validate the architecture.

Figure 5. VMDC End-to-End Logical Topology (Bronze, Silver, Gold)

Within each area, you should follow defined test cases to validate that each function works properly and performs to the expected levels. In this document we will not detail all functional areas, but rather highlight the segmentation/isolation (multitenancy) function.

Network Segmentation and Isolation

Within the core of the network, routing protocols allow us to logically segment the network infrastructure. You could use each segment for a class of service (Gold, Silver, Bronze) or dedicate it to a set of users (a tenant). Beyond the use of routing protocols, the core switches use Virtual Data Context (VDC) functionality to virtualize the hardware into logical switches, which further isolates segments of the infrastructure from other segments.

Table 2

| Features | Technologies |
|---|---|
| Data center end-to-end functionality validation for SAN and NAS | End-to-end feature/integration testing, including QoS for all data-center network layers from access to wide area network (WAN) edge on all platforms, ESX/VM provisioning, boot up, and maintenance, and SAN/NAS storage design verification |
| Disaster recovery scenario validation | Transparent movement of data center workloads for business continuance (active backup scenario) |
| Automation validation | Validation of service orchestration, portal, service catalog validation with element manager, and integration for compute and network |
| Data center services functionality validation | Validation of service tier offerings with data center services node (firewall and load balancing), multi-tenancy through VLANs, zoning, LUN masking |
| Failover scenario validation | Validation of redundancy designs (with baseline steady state traffic) - routing, virtual PC (vPC)/MEC, equal cost multipath (ECMP), virtual switching system (VSS), hot standby router protocol (HSRP), active-active service modules, clustering |
| Security validation | End-to-end security validation on various components |
| Scalability verification | Multidimensional scalability (VLAN, media access control (MAC), HSRP, routes, contexts, VM) within scope of architecture |

Table 3

| Requirement Matrix Component | Features that Address Requirements |
|---|---|
| End-to-end VRF Lite | Individual VRFs for all customers and all departments from BCBB1 through VDC2 in the sub-aggregation layer to provide Layer 3 segregation. |
| IGP (interior gateway protocol) (open shortest path first (OSPF)) | OSPF is configured from the edge routers to VDC2 in the sub-aggregation layer. |
| Border gateway protocol (BGP) | BGP is configured between the edge routers and DC-BB1. |

Figure 6. VMDC Core Network Topology

We use VRF lite to configure each router. There are 32 VRFs. We configure the VRFs in DC-BB1 and extend them to the sub-aggregation layer. We configure BGP between DC-BB1, DC-Edge1, and DC-Edge2. We advertise client networks on DC-BB1 over BGP to the edge routers, DC-Edge1, and DC-Edge2. We configure the edge routers with BGP and OSPF. The edge routers are OSPF internal routers (IR) and are only in OSPF backbone area 0.

Through the use of route maps, we redistribute BGP client routes into OSPF at edge routers to the aggregation layer. Server subnets advertised into OSPF by the aggregation layer to the edge routers are redistributed into BGP at the edge routers to DC-BB1. We redistribute the server subnet routes into BGP through the use of the metric option in the redistribute command so that server subnet routes for all odd VRFs are sent to DC-BB1 from DC-Edge1 and server subnet routes for all even VRFs are sent to DC-BB1 from DC-Edge2. This configuration allows for the control of client-to-server (north to south) traffic to load balance from north to south. ECMP automatically takes care of this configuration for server to client traffic (south to north).

This output shows the isolated routing table (per-VRF) for router 1:
DC-Edge1#sh ip route vrf Dept-1-Bronze-1
Routing Table: Dept-1-Bronze-1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 4 subnets
O IA 1.1.1.11 [110/4] via 121.2.1.16, 10:31:16, TenGigabitEthernet2/1.1901
[110/4] via 121.1.1.15, 10:31:16, TenGigabitEthernet1/1.1801
O IA 1.1.1.12 [110/4] via 121.2.1.16, 10:31:16, TenGigabitEthernet2/1.1901
[110/4] via 121.1.1.15, 10:31:16, TenGigabitEthernet1/1.1801
O 1.1.1.15 [110/2] via 121.1.1.15, 10:31:16, TenGigabitEthernet1/1.1801
O 1.1.1.16 [110/2] via 121.2.1.16, 10:31:16, TenGigabitEthernet2/1.1901
101.0.0.0/16 is subnetted, 1 subnets
O IA 101.1.0.0
[110/43] via 121.2.1.16, 10:31:16, TenGigabitEthernet2/1.1901
[110/43] via 121.1.1.15, 10:31:16, TenGigabitEthernet1/1.1801
99.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 99.10.1.0/24 is directly connected, Port-channel4.1701
B 99.15.1.0/24 [20/0] via 99.10.1.19, 3w6d
C 99.1.1.17/32 is directly connected, Loopback1
B 99.1.1.19/32 [20/0] via 99.10.1.19, 3w6d
111.0.0.0/24 is subnetted, 1 subnets
O IA 111.1.9.0 [110/3] via 121.2.1.16, 10:31:16, TenGigabitEthernet2/1.1901
[110/3] via 121.1.1.15, 10:31:16, TenGigabitEthernet1/1.1801
121.0.0.0/24 is subnetted, 5 subnets
C 121.1.1.0 is directly connected, TenGigabitEthernet1/1.1801
C 121.2.1.0 is directly connected, TenGigabitEthernet2/1.1901
C 121.3.1.0 is directly connected, Port-channel2.1601
O 121.4.1.0 [110/2] via 121.3.1.18, 10:31:16, Port-channel2.1601
O 121.5.1.0 [110/2] via 121.3.1.18, 10:31:16, Port-channel2.1601

This output shows the isolated routing table (per-VRF) for router 2:
DC-Edge2#sh ip route vrf Dept-1-Bronze-1
Routing Table: Dept-1-Bronze-1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 4 subnets
O IA 1.1.1.11 [110/4] via 121.5.1.15, 10:31:19, TenGigabitEthernet2/1.1821
[110/4] via 121.4.1.16, 10:31:19, TenGigabitEthernet1/1.1921
O IA 1.1.1.12 [110/4] via 121.5.1.15, 10:31:19, TenGigabitEthernet2/1.1821
[110/4] via 121.4.1.16, 10:31:19, TenGigabitEthernet1/1.1921
O 1.1.1.15 [110/2] via 121.5.1.15, 10:31:19, TenGigabitEthernet2/1.1821
O 1.1.1.16 [110/2] via 121.4.1.16, 10:31:19, TenGigabitEthernet1/1.1921
101.0.0.0/16 is subnetted, 1 subnets
O IA 101.1.0.0
[110/43] via 121.5.1.15, 10:31:19, TenGigabitEthernet2/1.1821
[110/43] via 121.4.1.16, 10:31:19, TenGigabitEthernet1/1.1921
99.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 99.11.1.0/24 is directly connected, Port-channel3.1721
B 99.15.1.0/24 [20/0] via 99.11.1.19, 3w6d
C 99.1.1.18/32 is directly connected, Loopback1
B 99.1.1.19/32 [20/0] via 99.11.1.19, 3w6d
111.0.0.0/24 is subnetted, 1 subnets
O IA 111.1.9.0 [110/3] via 121.5.1.15, 10:31:19, TenGigabitEthernet2/1.1821
[110/3] via 121.4.1.16, 10:31:19, TenGigabitEthernet1/1.1921
121.0.0.0/24 is subnetted, 5 subnets
O 121.1.1.0 [110/2] via 121.3.1.17, 10:31:19, Port-channel2.1601
O 121.2.1.0 [110/2] via 121.3.1.17, 10:31:19, Port-channel2.1601
C 121.3.1.0 is directly connected, Port-channel2.1601
C 121.4.1.0 is directly connected, TenGigabitEthernet1/1.1921
C 121.5.1.0 is directly connected, TenGigabitEthernet2/1.1821
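
One way to check the per-VRF isolation that the two listings above show, as an added example that is not part of the original guide: the script parses "show ip route vrf" text, including the parent lines that supply a route's mask, and reports every route that leaves through an interface outside the set bound to the VRF. The allowed-interface set, the function names and the 10.0.0.0/10.9.9.0 lines are assumptions constructed for the demonstration.

```python
import ipaddress
import re

# Lines copied from the DC-Edge1 listing above (flattened, as printed there).
# The last two lines are CONSTRUCTED: a route leaving through subinterface
# .1802, which is not bound to this VRF, to simulate a leak.
SAMPLE = """\
Routing Table: Dept-1-Bronze-1
1.0.0.0/32 is subnetted, 4 subnets
O IA 1.1.1.11 [110/4] via 121.2.1.16, 10:31:16, TenGigabitEthernet2/1.1901
[110/4] via 121.1.1.15, 10:31:16, TenGigabitEthernet1/1.1801
101.0.0.0/16 is subnetted, 1 subnets
O IA 101.1.0.0
[110/43] via 121.2.1.16, 10:31:16, TenGigabitEthernet2/1.1901
99.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 99.10.1.0/24 is directly connected, Port-channel4.1701
B 99.15.1.0/24 [20/0] via 99.10.1.19, 3w6d
121.0.0.0/24 is subnetted, 5 subnets
C 121.1.1.0 is directly connected, TenGigabitEthernet1/1.1801
C 121.2.1.0 is directly connected, TenGigabitEthernet2/1.1901
10.0.0.0/24 is subnetted, 1 subnets
O 10.9.9.0 [110/2] via 121.7.1.1, 00:00:10, TenGigabitEthernet1/1.1802
"""

# ASSUMPTION: the interfaces bound to this VRF, as they would be read from the
# router configuration. The names are the ones visible in the listing above.
ALLOWED = {"TenGigabitEthernet1/1.1801", "TenGigabitEthernet2/1.1901",
           "Port-channel4.1701", "Port-channel2.1601", "Loopback1"}

PARENT = re.compile(r"^(\d+(?:\.\d+){3})/(\d+) is (variably )?subnetted")
ROUTE = re.compile(r"^([A-Za-z][A-Za-z0-9* ]{0,4}?)\s+(\d+(?:\.\d+){3})(?:/(\d+))?(.*)$")
VIA = re.compile(r"via ([\d.]+), [^,\s]+(?:, (\S+))?")
CONNECTED = re.compile(r"is directly connected, (\S+)")


def parse_vrf_routes(text):
    """Return (vrf_name, routes); each route is a dict with code, prefix, paths."""
    vrf, routes, inherited_len = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Routing Table:"):
            vrf = line.split(":", 1)[1].strip()
            continue
        parent = PARENT.match(line)
        if parent:
            # "is subnetted": children inherit this mask; "variably": they carry their own.
            inherited_len = None if parent.group(3) else int(parent.group(2))
            continue
        m = ROUTE.match(line)
        if m:
            code, net, length, rest = m.groups()
            length = int(length) if length else inherited_len
            if length is None:
                continue  # mask unknown: skip rather than guess
            prefix = ipaddress.ip_network(f"{net}/{length}", strict=False)
            routes.append({"code": code, "prefix": prefix, "paths": []})
            line = rest
        if routes:  # route line remainder, or a continuation line with another path
            conn = CONNECTED.search(line)
            if conn:
                routes[-1]["paths"].append((None, conn.group(1)))
            for nh, ifname in VIA.findall(line):
                routes[-1]["paths"].append((ipaddress.ip_address(nh), ifname or None))
    return vrf, routes


def egress_interfaces(route, routes):
    """Interfaces a route leaves through. Next hops printed without an interface
    (the BGP routes here) are resolved through connected routes of the same VRF."""
    found = set()
    for nexthop, ifname in route["paths"]:
        if ifname is None:
            matches = [p[1] for r in routes
                       if r["code"] == "C" and nexthop in r["prefix"]
                       for p in r["paths"]]
            ifname = matches[0] if matches else "UNRESOLVED"
        found.add(ifname)
    return found


def audit_vrf(text, allowed):
    """Return sorted (prefix, interface) pairs that leave via an unbound interface."""
    _, routes = parse_vrf_routes(text)
    findings = []
    for route in routes:
        for ifname in egress_interfaces(route, routes) - set(allowed):
            findings.append((str(route["prefix"]), ifname))
    return sorted(findings)


if __name__ == "__main__":
    for prefix, ifname in audit_vrf(SAMPLE, ALLOWED):
        print(f"route {prefix} leaves the VRF through {ifname}")
```

Run against both edge routers for each of the VRFs, the same check gives a quick regression test for the segmentation after any routing change.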

Aggregation and Sub-Aggregation Layers (Services VDC Sandwich Design)

Data center service insertion requirements may include server load balancing devices, security devices such as firewall and intrusion prevention, and others. There are multiple approaches for the integration of these services into the data flow. Design decisions include the use of modules in external services chassis, the use of appliances, and whether to run the service devices in a transparent or routed mode.

One design approach is to configure all services in transparent mode, but to insert an additional layer of routing instances between the server farm subnets and the services devices. We have shown this approach previously in design guidance with the use of VRFs, and the deployment of multiple VRFs also provides the capability to direct traffic independently through multiple virtual contexts on the service devices, through the virtualization of both the routing functions and the services devices in the design.

Another design approach includes the configuration of the firewall services modules in transparent mode and the Cisco Application Control Engine* (ACE) modules in routed mode through the use of Source NAT (SNAT) in each context of the ACE. This approach enables the accessibility of client-to-server traffic destined to the virtual IP (VIP) addresses that are not configured on the same IP subnet as the outside IP address configured on the VLAN interface within each ACE context. We configure static routes to each VIP host address or subnet in the aggregation layer. We configure SNAT in each ACE context such that all client source IP addresses are translated to an IP address on the same IP subnet configured on the inside VLAN interfaces. The servers also reside on this same IP subnet. For return traffic from the server to the client, we configure default routes in each ACE context that point to the HSRP address configured in each VRF in the aggregation layer. We implemented the latter approach in the design.

Figure 7. VMDC - Aggregation Network (and VDC) Topology

The VDC capability of the Nexus 7000 Series* enables the network architect to make use of another type of virtualization in the design, to improve ease of configuration, supportability, and security. We can create the sub-aggregation, a secondary virtual switching layer, through the use of VDCs located between the services devices and the access switches. We refer to this topology as a services VDC sandwich.

All of the access layer switches shown in Figure 7 attach only to the sub-aggregation VDCs. We could also attach different classes of servers to access layer switches that connect directly to the main aggregation layer above the services chassis, if they either do not require services or are serviced by a different group of services devices. Additional design considerations for this type of topology include the following:

• Similar designs have been deployed through the use of a single pair of switches with separate VLANs and VRFs to provide the routing instance below the services chassis. The insertion of a separate set of VDCs into the design still represents the use of a single physical pair of switches to perform these functions but provides better isolation between the routing environments above and below the services chassis. This conceptually provides for easier support and configuration without the increase of the impact of a single-switch failure due to the introduction of a second set of VDCs.
• The security model is more robust since the operating environment of the sub-aggregation VDCs is completely separate from the primary aggregation layer. Instead of only separate VLANs and VRFs on the same switch, there are separate virtual switches with completely different sets of processes and physical ports.
• You may require additional interfaces for the VDC sandwich topology as compared to a VRF sandwich topology. The services chassis must have separate physical connections into both sets of VDCs as opposed to VLANs that share the same trunks. You must also provision additional interface count to support the inter-switch link between the two sub-aggregation VDCs.
• Cisco validated this model through the use of FWSM and ACE modules that run in transparent mode, where the two layers of VDCs are direct IP routing peers. Layer 3 control plane load on the VDC below the services may be limited by the use of static routes that point to an HSRP address shared between the primary aggregation VDCs to support IP unicast traffic flows. IP multicast traffic is not supported over a combination of static routes and HSRP addresses. If you require IP multicast, then you may use an IGP such as OSPF or enhanced interior gateway routing protocol (EIGRP).
• VDCs provide the distinction between the routing instances of the aggregation and the sub-aggregation layers, however, you may use multiple VRFs in the sub-aggregation layer to support additional virtualization capabilities. You may map distinct VRFs in the sub-aggregation layer with the use of VLANs to separate contexts within the virtualized service devices such as the FWSM and ACE, which allows the split of active contexts between both services chassis. If you require services between layers of a multi-tier application architecture, placement of these tiers in subnets that belong to separate VRFs will allow for powerful, multi-context service insertion between tiers.

A services VDC sandwich that uses external services chassis provides independent connectivity between the services and both aggregation switches. If the aggregation switch on the left side of the topology fails, then the services on the left side have dual connectivity and can maintain a primary role. Service appliances running in transparent mode that only support single connections to carry a given VLAN (such as the Adaptive Security Appliance (ASA) 5580*) will not be dual-homed if they are attached directly to the aggregation. You can still deploy these appliances in a highly available manner through the use of redundant appliances.

Storage Layer

Depending on your storage requirements, you can implement a SAN or NAS solution. The following sections describe how we implemented each type of solution in Cisco VMDC.

• Storage component
• SAN design
• NAS design

Storage Component

As an essential piece to every data center, the storage component of the SAN provides several capabilities to the data center, including the ability to remotely boot from SAN and virtual (thin) provisioning for increased performance and data protection. These segregate capabilities ultimately alleviate responsibilities from the host and SAN.

Scenarios to Address

• Secure Separation
• Device mapping
• LUN masking
• VSANs
• Zoning

NOTE: In these examples, the storage array in use is an EMC VMAX*, with FC SAN attached storage. We used Symmetrix Management Console (SMC) as the interface to configure the EMC VMAX array. GUI displays are from Cisco Fabric Manager.

LUN Masking (via SMC)

1. Configure the mask view.
   a. Right-click the Symmetrix Masking folder and select Device Masking and Mapping > Masking Views Maintenance > Create Masking View.
   b. Name the new masking view.
   c. Select an existing storage group, or create a new group following the steps in Configure Storage Groups.
   d. Select an existing port group, or create a new group following the steps in Configure Port Groups.
   e. Select an existing initiator group, or create a new group following the steps in Configure Initiator Groups.
   f. *Optional* Click Set Dynamic LUN Addresses to manually configure the LUN addresses for each device.
   g. Click OK to confirm the new masking view.
2. Configure the storage groups.
   a. Right-click the Symmetrix Masking folder and select Device Masking and Mapping > Storage Groups Maintenance > Create Storage Group.
   b. Name the new storage group.
   c. Select the device source type.
   d. Add available devices to the group members column.
   e. Click OK to confirm the new storage group.
3. Configure the port groups.
   a. Right-click the Symmetrix Masking folder and select Device Masking and Mapping > Port Groups Maintenance > Create Port Group.
   b. Name the new port group.
   c. Add the available ports to the group members columns.
      NOTE: These ports are front-end FA ports only.
   d. Click OK to confirm the new port group.
4. Configure the initiator groups.
   a. Right-click the Symmetrix Masking folder and select Device Masking and Mapping > Initiator Groups Maintenance > Create Initiator Group.
   b. Name the new initiator group.
   c. Add the available initiators to the selected initiators column.
   d. *Optional* If the host is not in the available initiators list, the New Initiator option allows you to manually add the pWWN to the selected initiators column.
   e. Click Set HBA Flags to open a new window to modify flags associated with this group.
   f. Click OK to confirm the new initiator group.

Software Configuration

To ensure data separation, scalability, and future expansion, as well as high availability and redundancy at key points of failure, we enabled the following software features:

• VSANs - General data separation
• Zone/Zoneset - Granular data separation
• NPV/NPIV - Host end scalability
• PortChannel - Redundancy/failover protection between edge and core switches

Design Considerations

Configure each component of a SAN layer redundantly such that upon a failure, the standby peer becomes active immediately with no service disruption or data loss. Also, the SAN should support expansion and scale to accommodate a company's needs for additional hosts and storage.

Configuration Purpose

This section details the purposes for configuration of the following five features:

• VSANs
• Zoning
• N-Port ID Virtualization (NPIV)
• N-Port Virtualizer (NPV)
• PortChannel

VSANs

To achieve the same level of isolation as physically separate fabrics at a lower cost, a VSAN creates separate virtual fabrics on a common physical infrastructure. Membership in a VSAN is based on physical port, and no physical port can belong to more than one VSAN; a node connected to a physical port belongs to that port's VSAN. VSANs provide strict hardware isolation and replicate the FC services created for each new VSAN.

When you create a new VSAN, you create and enable a separate set of services that includes name server, zone server, domain controller, alias server, and login server, across those switches that you configured to carry the new VSAN. This services replica enables the isolated environments to satisfy high-availability requirements over a shared physical infrastructure.

VSANs also interconnect isolated SAN fabrics in remote data centers over a common long-haul infrastructure. Because frame tagging is performed in hardware, you can multiplex the traffic from several VSANs across a single fiber pair and transport it a greater distance, all while it remains completely isolated. VSANs scale over a redundant physical infrastructure to provide flexible isolated SAN fabrics that achieve high-availability goals.

Zoning

Within each VSAN, the active zone set contains one or more zones. Each zone has one or more members that are allowed to communicate among each other.

On Cisco MDS* switches, there is an option to do basic or enhanced zoning. Enhanced zoning advantages include the prevention of parallel configuration attempts, which ensures consistency within the fabric; the distribution of zonesets without activation, which avoids hardware changes for hard zoning on the switch; and the enhancement of error reporting to simplify the troubleshooting process.

N-Port ID Virtualization (NPIV)

NPIV allows an FC host connection or N-Port to be assigned multiple N-Port IDs or FC IDs over a single link. You can manage all FCIDs on an FC fabric as unique entities on the same physical host. You can use different applications in conjunction with NPIV. In a virtual machine environment where many host operating systems or applications run on a physical host, you can now manage each virtual machine independently from zone, alias, and security perspectives. In a Cisco MDS 9000* family environment, each host connection can log in as a single virtual SAN (VSAN).

N-Port Virtualizer (NPV)

An extension to NPIV, the N-Port Virtualizer (NPV) feature allows the blade switch or top-of-rack fabric device to behave as an NPIV-based host bus adapter (HBA) to the core FC director. The device aggregates the locally connected host ports or N-Ports into one or more uplinks (pseudo-interswitch links) to the core switches. The only requirement of the core director is that it supports the NPIV.

PortChannel

You can configure a PortChannel without restrictions to logically bundle physical links from any port on any Cisco MDS 9000 Family Fibre Channel Switching Modules*. This feature allows you to deploy highly available solutions with great flexibility. During a port, ASIC, or module failure, the stability of the network is not affected because the logical PortChannel remains active even though the overall bandwidth is reduced. The MDS PortChannel solution scales to support up to 16 ISLs per PortChannel and aggregates 1, 2, 4, 8, or 10 Gbps FC links. This feature aggregates up to 20,400 MB of application data throughput per PortChannel for exceptional scalability. The MDS PortChannel solution neither degrades performance over long distances nor requires specific cabling. The MDS PortChannel uses flow-based load balancing to deliver predictable and robust performance independent of the distance covered.

Summary of Device Configurations
VSAN
vsan 100 information
name:10g-topo state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:up
Figure 8. Cisco Fabric Manager (MDS 9000 SAN Switch) - Viewing Switch Inventory (Ports)
Zone/Zoneset
zoneset name 10g-fab-a vsan 100
zone name Host-1_to_V-Max vsan 100
* fcid 0x01002a [pwwn 20:00:00:25:b5:01:00:0f] [host-1]
* fcid 0x010015 [pwwn 50:00:09:72:08:1f:3d:64] [vmax-10Fa]
* fcid 0x010012 [pwwn 50:00:09:72:08:1f:3d:58] [vmax-7Fa]
* fcid 0x010013 [pwwn 50:00:09:72:08:1f:3d:5c] [vmax-8Fa]
* fcid 0x01000f [pwwn 50:00:09:72:08:1f:3d:60] [vmax-9Fa]
Figure 9. Cisco Fabric Manager (MDS 9000 SAN Switch) - Viewing Logical Port Associations
Figure 10. Cisco Fabric Manager (MDS 9000 SAN Switch) - Viewing Port Status
PortChannel
interface port-channel 1
switchport mode E
switchport rate-mode dedicated
switchport trunk mode off
port-channel 1 is up
Hardware is FC
Port WWN is 24:01:00:0d:ec:3b:b6:40
Admin port mode is E, trunk mode is off
snmp link state traps are enabled
Port mode is E
Port vsan is 101
Speed is 20 Gbps
.
Member[1] : fc1/1
Device Alias
device-alias name host-1 pwwn 20:00:00:25:b5:01:00:0f
device-alias name vmax-7Fa pwwn 50:00:09:72:08:1f:3d:58
device-alias name vmax-8Fa pwwn 50:00:09:72:08:1f:3d:5c
device-alias name vmax-9Fa pwwn 50:00:09:72:08:1f:3d:60
device-alias name vmax-10Fa pwwn 50:00:09:72:08:1f:3d:64
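
The zoneset and device-alias listings above can be cross-checked mechanically. The following Python example is added here and is not part of the original guide or of any Cisco tool: it parses the two listings as printed on this page and reports zone members whose pWWN has no device-alias, whose bracketed alias disagrees with the alias database, or whose zone VSAN differs from the zoneset VSAN. The function names and the wording of the findings are assumptions made for this example.

```python
import re

# Listings copied from this page (zoneset and device-alias output, VSAN 100).
ZONESET = """\
zoneset name 10g-fab-a vsan 100
zone name Host-1_to_V-Max vsan 100
* fcid 0x01002a [pwwn 20:00:00:25:b5:01:00:0f] [host-1]
* fcid 0x010015 [pwwn 50:00:09:72:08:1f:3d:64] [vmax-10Fa]
* fcid 0x010012 [pwwn 50:00:09:72:08:1f:3d:58] [vmax-7Fa]
* fcid 0x010013 [pwwn 50:00:09:72:08:1f:3d:5c] [vmax-8Fa]
* fcid 0x01000f [pwwn 50:00:09:72:08:1f:3d:60] [vmax-9Fa]
"""

DEVICE_ALIASES = """\
device-alias name host-1 pwwn 20:00:00:25:b5:01:00:0f
device-alias name vmax-7Fa pwwn 50:00:09:72:08:1f:3d:58
device-alias name vmax-8Fa pwwn 50:00:09:72:08:1f:3d:5c
device-alias name vmax-9Fa pwwn 50:00:09:72:08:1f:3d:60
device-alias name vmax-10Fa pwwn 50:00:09:72:08:1f:3d:64
"""

# Line formats are taken from the listings above; this is an assumption about
# the output layout, not a complete grammar for the switch CLI.
PWWN = r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}"
ZONESET_RE = re.compile(r"zoneset name (\S+) vsan (\d+)$")
ZONE_RE = re.compile(r"zone name (\S+) vsan (\d+)$")
MEMBER_RE = re.compile(
    rf"\*?\s*fcid (0x[0-9a-f]{{6}}) \[pwwn ({PWWN})\](?: \[([^\]]+)\])?$", re.I)
ALIAS_RE = re.compile(rf"device-alias name (\S+) pwwn ({PWWN})$", re.I)


def parse_aliases(text):
    """Return {pwwn: alias} from 'device-alias name X pwwn Y' lines."""
    aliases = {}
    for line in text.splitlines():
        m = ALIAS_RE.match(line.strip())
        if m:
            aliases[m.group(2).lower()] = m.group(1)
    return aliases


def parse_zoneset(text):
    """Return a list of zones, each with its VSAN and member tuples."""
    zones, zoneset_vsan = [], None
    for line in text.splitlines():
        line = line.strip()
        zs, zn, mem = (ZONESET_RE.match(line), ZONE_RE.match(line),
                       MEMBER_RE.match(line))
        if zs:
            zoneset_vsan = int(zs.group(2))
        elif zn:
            zones.append({"name": zn.group(1), "vsan": int(zn.group(2)),
                          "zoneset_vsan": zoneset_vsan, "members": []})
        elif mem and zones:
            zones[-1]["members"].append(
                (mem.group(1).lower(), mem.group(2).lower(), mem.group(3)))
    return zones


def audit(zoneset_text, alias_text):
    """Return findings as strings; an empty list means the listings agree."""
    aliases = parse_aliases(alias_text)
    findings = []
    for zone in parse_zoneset(zoneset_text):
        where = f"zone {zone['name']}"
        if zone["vsan"] != zone["zoneset_vsan"]:
            findings.append(f"{where}: vsan {zone['vsan']} differs from "
                            f"zoneset vsan {zone['zoneset_vsan']}")
        seen = set()
        for fcid, pwwn, label in zone["members"]:
            if pwwn in seen:
                findings.append(f"{where}: duplicate member {pwwn}")
            seen.add(pwwn)
            known = aliases.get(pwwn)
            if known is None:
                # A member nobody named is the case to investigate first.
                findings.append(f"{where}: {pwwn} ({fcid}) has no device-alias")
            elif label is not None and label != known:
                findings.append(f"{where}: {pwwn} shown as {label!r}, "
                                f"alias database says {known!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(ZONESET, DEVICE_ALIASES) or ["no findings"]:
        print(finding)
```

Run against the listings on this page it reports no findings; any output after a zoning change points at a member that should be reviewed before the zoneset is activated.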
Figure 11. Cisco Fabric Manager (MDS 9000 SAN Switch) - Viewing Logical Storage Mappings
Figure 12. Cisco Fabric Manager (View of the Storage SAN)
Storage Layer NAS
The NAS technologies, particularly NFS version 3, provide:
- No immediate cost for new infrastructure equipment
- Simplified storage provisioning
- Default support for VMware thin provisioning
- No disruptions during increases and decreases in space allocation
- Default support for large frame sizes
We used the NetApp* FAS6080* filer system for this solution. Through NFS, customers receive an integration of VMware* virtualization technologies with WAFL*, NetApp's advanced data management and storage virtualization engine. This integration provides transparent access to VM-level storage virtualization offerings, such as production-use data deduplication, immediate zero-cost VM and data store clones, array-based thin provisioning, automated policy-based data store resizing, and direct access to array-based Snapshot* copies. NetApp provides integrated tools such as Site Recovery Manager*, SnapManager for Virtual Infrastructure*, the Rapid Cloning Utility*, and the Virtual Storage Console*.
Architecture Overview
When compared to FC and iSCSI, NFS provides higher performance and lower per-port storage costs. Both FC and iSCSI require the purchase of expensive adapters and even complete separate infrastructures. NFS requires only an additional file server (filer). We use NFS data stores in shared pools for virtual machines. The Cisco VMDC solution uses the NetApp FAS6080 server to provide support for NFS and VMware.
For vendor-specific guidance, see NetApp and VMware vSphere Storage Best Practices at the following URL: http://media.netapp.com/documents/tr-3749.pdf.
[NOTE: GUI screenshots are from the NetApp storage array, FilerView* and System Manager* tools, as well as from VMware ESX* client].
NFS Data Stores on NetApp
The deployment of VMware with NetApp's advanced NFS results in a high-performance, easy-to-manage implementation that provides VM-to-datastore ratios that you cannot accomplish through the use of other storage protocols, such as FC. This architecture can result in a tenfold increase in data store density with a correlating reduction in the number of data stores. When you deploy NFS, the virtual infrastructure receives operational savings, as there are fewer storage pools to provision, manage, back up, and replicate.
For more information, see NetApp Document ID TR-3749 Version 2.0, NetApp and VMware vSphere Storage Best Practices.
Scenarios to Address
- Secure separation (end-to-end tenant security)
- Logical datastore access separation
- Scalability
- High-speed network connections
- High Availability
- Hardware redundancy
- Logical traffic path redundancy
- Service assurance
- QoS
- Distributed resource scheduling (DRS)
- Reliable transmission
- Efficient data delivery
Software Configuration
- Secure separation (end-to-end tenant security)
- Logical data store access separation (see virtual access)
- Cisco VLAN 802.1Q Trunking (See Network Design)
- Cisco UCS VLAN support (See Compute_10G)
- VMware support for 802.1Q trunking (See Virtual Access)
- VMware vShield* zones (See Virtual Access)
- VMware vSphere* support for NetApp NFS version 3: each VMware ESXi* host, acting as NFS clients, must be configured with the correct export path.
- NetApp NFS version 3 support: filers, acting as NFS servers, must be configured to allow the client machines (ESXi hosts) access to the entire storage system.
- NetApp 802.1Q* trunking support: filers need to be configured with VLAN virtual interfaces that match the VLAN interfaces of the NFS clients.
- NetApp Virtual Filer* (vFiler*): vFiler is not used in this solution; however, it allows users to access their own virtual filer that is under their control as they see fit. This virtual filer uses the physical resources of a single NetApp FAS6080.
Figure 13. NetApp FilerView - Viewing Network Interfaces
Figure 14. NetApp System Manager - Viewing Interface Associations
Figure 15. NetApp System Manager - Viewing Storage Aggregates
Figure 16. VMware vSphere ESX Client - Viewing VM to Server to Storage Mappings
Figure 17. VMware vSphere ESX client - Viewing Storage Utilization
- Unified infrastructure to unified IT - Virtualization technology blurs the lines between traditional IT groups such as applications, compute, storage, and networking. The utilization of technology designed to unify this migration will simplify the method to create IT processes that best manage the next generation data center.
Design Considerations
The architects of a scalable cloud data center should consider the following requirements:
- Unified network
- Cloud tenants and service tiers
- Secure tenant separation
- Data center scalability through modular infrastructure
- High availability
- Service assurance
The following sections describe how the Cisco VMDC solution supports each of the requirements above.
Unified Network
The Cisco Unified Network* allows architects to create a single network infrastructure that is able to deliver data, storage, video, and voice traffic with predictable QoS. Unified networking begins with a 10 GbE high-speed transport. This transport maximizes Cisco QoS technology to deliver multiple classes of services, from deterministic to best effort.
As data and storage traffic aggregate on the 10 GbE links, FCoE technology is able to guarantee the service levels and management that storage administrators have come to expect with FC. FCoE within the Cisco Unified Computing System* (UCS) and extended to the SAN Storage arrays allows LAN and SAN traffic to co-exist over a single cabling infrastructure. This simplified cabling reduces costs for cabling, patch-panels, cable-trays and NIC/HBAs (now called Converged Network Adapters (CNAs)). This reduction of cabling
Next Steps
The current VMDC design provides a broad framework to deploy cloud computing today, but Cisco constantly seeks to innovate in ways that move the architecture forward and provide new capabilities for customers. This paper now examines several key elements that allow customers to look at their data center functionality in very new ways.
1 - Unified Network Services - While virtualization adds tremendous flexibility and efficiency to the data center, it also creates visibility challenges for IT. In the past, what was visible to network or security teams was often hidden as VMs communicated within a single server or as capabilities (switching, firewall, load balancing) became services within the hypervisor. Cisco began to address this challenge in 2009 when it introduced the Nexus 1000v* virtual switch. This switch provided VM visibility to the network and security teams within the ESX hosts as well as vMotion* mobility. Cisco now extends the framework to move network services into a virtualized form factor as it adds firewall (Virtual Security Gateway*) and Application Acceleration (vWAAS*) capabilities, all managed through a single integration management framework (Cisco Virtual Network Management Center*). Over time, Cisco will expand the list of network services that can be virtualized, which will provide customers with enhanced visibility and control over their network in both physical and virtual data centers as well as in both software and hardware.
2 - Application Mobility - As customers begin to virtualize their server infrastructure, they understand the value of the ability to dynamically move a VM from one server to another (for example, vMotion* or Live Migration*). This mobility offers new ways to look at high availability and resource utilization. In the past, application mobility was limited to a single geographic location. But as customers begin to better understand the power of this functionality, they demand the ability to maximize this between geographic locations. Cisco has worked with ecosystem partners to create innovations aimed at solutions to this problem. Within the network, Cisco introduced Overlay Transport Virtualization* (OTV) which allows customers to seamlessly extend a Layer 2 domain across geographic locations. OTV allows customers to build these extended networks without the sacrifice of the control they expect within a single location. Beyond the network, Cisco has worked closely with ecosystem partners EMC and NetApp to extend this functionality across the storage layer and to allow mobility of the associated data.
Things to Consider
In any large-scale implementation, there are hundreds of design elements to consider. Cisco describes these in detail in Cisco Validated Designs (Cisco Design Zone Data Center), but this paper will highlight some of the major considerations.
- Modular design - The use of a modular design allows new technologies to be added but will severely impact other portions of the data center.
- Hierarchical design - The use of a design that allocates certain functions (such as routing, switching, and security) to different layers will allow new services to be added in a consistent manner.
- Unified storage - The use of a design that supports multiple storage protocols (including FC, FCoE, iSCSI, NFS, CIFS) over a unified network fabric will allow the greatest flexibility to deliver multiple application services to users.
- Network-level intelligence - The use of a design that includes intelligent services within the network will allow for next-generation capabilities required by highly-virtualized environments (for application mobility and disaster avoidance) as well as mobile and video services.
To tailor workload or application requirements to specific customer needs, the cloud provider can differentiate services with a multi-tiered service infrastructure and QoS settings. Customers can use and purchase such services under a variable pricing model. Administrators can design infrastructure and resource pools so that end users can add or expand services when they request additional compute, storage, or network capacity. This elasticity allows the provider to maximize the user experience with the offer of a custom, private data center in virtual form.
Typically, cloud providers want to offer three, four, or five different service tiers and provide different service level agreements (SLAs). You can differentiate IaaS cloud services into predefined service tiers as they vary support of the following features:
- Virtual machine resources
- Storage features
- Application tiers
- Stateful services
- Quality of service agreements
The VMDC solution defines options to differentiate IT cloud services. In this reference architecture, we call these cloud services "service tiers". Typically when we talk about service tiers, we look at the server CPU and storage options.
also eliminates demands for power and cooling within the computing and storage systems, which reduces overall data center costs.
Beyond unification of the underlying 10 GbE transport, the Cisco VMDC makes use of virtualized services within the network. Called Unified Network Services*, these are delivered as VM appliances within the Cisco Unified Computing System. These include the Nexus 1000v vSwitch, the VSG firewall services and vWAAS. These virtualized services provide control and visibility to the network administrator that is often lost when virtualizing applications.
Cloud Tenants and Service Tiers
A tenant is an entity that subscribes to cloud services. In the enterprise private cloud deployment model, that entity is a department or suborganization, such as development, test, research and development, or human resources. As shown in Figure 18, multiple users in the same department belong to the same tenancy. Within the tenancy, you can implement multiple workloads by different users who belong to the same department.
You must securely separate each tenant from other tenants who share the common virtualized resource pool. However, workloads owned by one tenant will be visible to others unless you configure firewalls to block communications among different applications.
In the public cloud deployment model, a tenant is an individual consumer or group within an enterprise subscribing to the virtual private cloud services hosted by a service provider.
Cloud providers, whether service providers or enterprises, want an IaaS offering with multiple feature tiers and pricing levels. The cloud is a source of highly scalable, efficient, and elastic services accessed on-demand over the Internet or intranet. In the cloud, compute, storage, and network hardware are abstracted and delivered as a service. End users only consider the functionality and value provided by the service; they do not need to understand or manage the underlying technology.
[Figure 18 diagram labels: Department R&D (User A, User B) and Department Dev/Test (User A, User B, User C); workloads Web, Web, DB and Web, App, DB; "Multiple Workloads" under each department.]
Figure 18. Tenants and Workloads
Table 4. Example Network and Data Differentiations by Service Tier
| | Bronze | Silver | Gold |
|---|---|---|---|
| Services | No additional services | Firewall services | Firewall and load balancing services |
| Bandwidth | 20 percent | 30 percent | 40 percent |
| Segmentation | One VLAN per client, single VRF | Multiple VLANs per client, single VRF | Multiple VLANs per client, single VRF |
| Data Protection | None | Snap - virtual copy (local site) | Clone mirror copy (local site) |
| Disaster Recovery | None | Remote replication (with specific RPO/RTO) | Remote replication (any-point-in-time recovery) |
To address some of these new security challenges and concerns, we recommend the deployment of virtual firewalls at the access layer of the data center infrastructure to create intra-tenant zones. You should also use per-VLAN firewalls at the aggregation layer. Like a firewall at the aggregation layer, Layer 2 firewalling can enforce security among the tiers of an application.
Storage Separation
Cisco MDS SAN networks offer segmentation mechanisms similar to VLANs in Ethernet. Cisco calls these mechanisms VSANs and they work in conjunction with fibre channel (FC) zones.
Data Center Scalability
Capacity at scale, or elasticity, is an essential attribute of clouds. Elasticity is the ability to scale resources up or down in minutes in accordance with service level agreements (SLAs). Elasticity increases resources on-demand and scales resource utilization as needed.
This design uses a concept called Pod to achieve elasticity and to simplify capacity planning without the disruption of the existing environment. A Pod identifies a discrete, homogeneous, modular unit of data center components. Because they are homogeneous and modular, Pods support templates for incremental build-out of the data center that address environmental, physical, logical, and application requirements. This modular architecture provides a predictable set of resource characteristics per unit that is added repeatedly as needed.
Initially, a customer implements the data center through the use of a base Pod and expands the data center with the addition of more Pods. In the data center, Pod-based architectures provide predictable resource pools, power, and space consumption. As shown in Figure 19, the core layer is common to multiple Pods; as additional Pods are needed, the customer connects them to the network through the core layer.
But if a web application is being hosted in the cloud model, load balancing and firewall inspection are also required. To achieve secure separation of tenant data at Layer 2 and Layer 3, you must enable features such as virtual routing and forwarding (VRF) and VLANs. With this virtual network separation configured, service tiers contain virtual compute, storage, and network resources.
This Cisco VMDC solution qualifies a three-tier model of Bronze, Silver, and Gold tiers that comprise IaaS services (See Table 4). These tiers define service levels for compute, storage, and network performance.
With the use of this tiered model, you can do the following:
- Offer service tiers with differing abilities
- Support customer segmentation based on desired service levels and functionality
- Support clients based on their requirements
- Allow for differentiated application support based on service tiers
Secure Tenant Separation
The following design considerations provide secure tenant separation [5] and path isolation:
- Network separation
- Compute separation
- Storage separation
Network Separation
End-to-end virtualization of the network requires separation at each network layer in the architecture. The VMDC design uses the following technologies to virtualize the network:
- Implementation of network Layer 3 (core/aggregation) separation is through the use of Cisco VRF Lite
- Implementation of network Layer 2 (access) separation is through the use of VLANs
- Implementation of network services (firewall and load balancing services) separation is through the use of the Cisco FWSM and the Cisco ACE service module
- Implementation of the tenant path isolation is through the use of virtual private networks (VPNs) using VRF Lite technology
- Implementation of client-server traffic separation is through the use of the following technologies:
  - Dedicated virtual firewall context on the firewall module that belongs to a particular tenant is used to provide traffic inspection
  - DOS attack prevention
  - L4-7 protocol inspection
  - ACLs to control what comes through the firewall
  - The VMDC firewall model employs a tiered model. The service tiers are mapped to secured access mechanisms, which include secure sockets layer (SSL), multiprotocol label switching (MPLS), and Internet protocol security (IPSec) VPNs.
Compute Separation
Virtualization introduces new security challenges and concerns. Traditionally, security policies were applied at the physical server level. However, as physical hosts can now contain multiple logical servers, policy must be applied at the VM level. Also, new technologies, such as vMotion, introduced VM mobility within a cluster where policies follow VMs as they are moved across switch ports and among hosts.
Finally, virtual computing continues to aggregate higher densities of VMs. This high-density model forces us to reconsider firewall scale requirements at the aggregation layer of the network. The result is that high-density compute architectures may require the distribution of security policies to the access layer.
space, or network equipment, clients instead buy those resources as a fully outsourced service. Suppliers typically bill such services on a utility computing basis and the amount of resources consumed (and therefore the cost) will typically reflect the level of activity. From: http://en.wikipedia.org/wiki/Cloud_computing.
Intel AES: Intel® Advanced Encryption Standard (AES) Technology enables robust encryption without the need for additional appliances and increased performance overhead. This technology improves CPU performance for encryption by as much as 52 percent for secure Internet transactions and allows broader use of encryption throughout the data center.
Intel QPI: Intel® QuickPath Technology is a scalable, shared memory architecture that delivers a high memory bandwidth to enable top performance for bandwidth-intensive applications. It provides high-speed point-to-point connections between processors, and between processors and the I/O hub. Each processor has its own dedicated memory that it accesses directly through an Integrated Memory Controller. In cases where a processor needs to access the dedicated memory of another processor, it can do so through a high-speed Intel® QuickPath Interconnect (Intel QPI) that links all the processors.
High Availability
Cloud data centers offer IaaS to either internal enterprise customers or to external customers of service providers. Customers control the services through the use of SLAs, which can be stricter in service provider deployments than in an enterprise. A highly available data center infrastructure is the foundation of SLA guarantees and successful cloud deployment.
An end-to-end, highly available network infrastructure design provides predictable operational continuity. Because organizations must satisfy SLAs made for business application uptime, they cannot lose connectivity due to equipment downtime. Therefore, the data center design must ensure that a single hardware failure in the network does not affect the cloud subscribers' service. The Cisco VMDC utilizes the following techniques to create a highly available and resilient end-to-end infrastructure:
- Physical redundancy
- Node redundancy
- Hardware redundancy with the node
- Link redundancy
- Access layer technologies such as system posture tokens (SPTs)
- Compute layer technologies
- UCS end-host mode
- Cisco Nexus 1000V and MAC-pinning
- Redundant VSMs in active-standby mode
- High availability within the cluster
- Automated disaster recovery plans
Service Assurance
Today, IaaS SLAs often emphasize service availability. Differentiated service level requirements exist because specific applications or traffic may require preferential treatment within the cloud. Some applications are mission critical, and some are interactive, while others are bulk or utilized simply for dev-test purposes. This differentiated treatment ensures that in the event of congestion or failure conditions, critical traffic is provided a sufficient amount of bandwidth to meet throughput requirements. Traditionally, an SLA framework includes consideration of bandwidth, delay, jitter, and loss per service class.
Glossary
ACE: The Cisco ACE service module provides server load balancing and source NAT (SNAT).
DSN: The Cisco Data Center Services Node (DSN) is a Cisco Catalyst 6500 Series Switch with FWSM and ACE service modules dedicated to security and server load balancing functions.
FCoE: Fibre Channel over Ethernet Initialization Protocol offers the capability to transport Fibre Channel payloads on top of an Ethernet network.
FWSM: The Cisco Firewall Services Module (FWSM) provides Layer 2 and Layer 3 firewall inspection, protocol inspection, and network address translation (NAT).
IaaS: Cloud infrastructure services, also known as Infrastructure as a Service (IaaS), delivers computer infrastructure, typically a platform virtualization environment, as a service. Rather than purchasing servers, software, data center
Figure 19. Pod Expansion Concept
Intel® TXT: Intel® Trusted Execution Technology (Intel® TXT) addresses a critical security need for all server deployments, especially virtualized and cloud-based use models as it helps to protect servers prior to OS launch or hypervisor launch. Intel® TXT complements other malware protections such as anti-virus and intrusion detection to help ensure that only trusted software is on the platform. Intel® TXT protects VMs on trusted platforms, so you can easily migrate them onto other trusted platforms or created pools of platforms with trusted hypervisors.
Intel VT-c: Intel® Virtualization Technology for Connectivity (Intel VT-c) enhances server I/O solutions by integrating extensive hardware assists into the I/O devices that are used to connect servers to the data center network and storage infrastructure. Two technologies comprise Intel VT-c: Virtual Machine Device Queues, which accelerates throughput and reduces the load on the VMM and server processors, and PCI-SIG SR-IOV, which delivers near-native throughput and provides dedicated, direct connectivity between VMs and hardware resources.
Intel VT-d: Intel® Virtualization Technology for Directed I/O (Intel VT-d) helps speed data movement and eliminates much of the performance overhead as it gives designated virtual machines their own dedicated I/O devices, which reduces the overhead of the VMM to manage I/O traffic.
Intel VT-x: Intel® Virtualization Technology (Intel VT-x) provides hardware assisted page-table management, which allows guest OS more direct access to the hardware and reduces compute-intensive software translation from the VMM. Intel VT-x also includes Intel VT FlexMigration and Intel VT FlexPriority, which are capabilities for flexible workload migration and performance optimization across the full range of 32-bit and 64-bit operating environments.
NAS: Network Attached Storage is a storage server or appliance that uses file-based protocols such as NFS or CIFS to enable clients (typically servers and PCs) to access files over a TCP/IP network. From: http://en.wikipedia.org/wiki/Network-attached_storage.
NIC: A network interface card is hardware that enables a server to interface to an Ethernet or TCP/IP local area network (LAN). An NIC is not necessarily a card in the server; it can be integrated as LAN on a server motherboard (LOM).
PaaS: Cloud platform services or Platform as a Service (PaaS) deliver a computing platform and/or solution stack as a service, which often consumes cloud infrastructure and sustains cloud applications. It facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layer. From: http://en.wikipedia.org/wiki/Cloud_computing.
Pod: Cisco VMDC Pod-based architecture provides network architects the ability to modularize the infrastructure into easily replicable units called a point of delivery (Pod). Architects can plan for an initial Pod, which guarantees a certain scale and performance along with a scalable data center core network. This architecture provides a predictable and homogeneous method to add self-contained Pods as additional resources are necessary.
QoS: Quality of Service (QoS) is a mechanism to define cloud service quality. To tailor workload or application requirements to specific customer needs, the cloud provider can differentiate services with a multi-tiered service infrastructure and quality of service (QoS) settings. Customers can use and purchase such services under a variable pricing model.
SaaS: Software as a Service (SaaS) delivers software as a service over the Internet, which eliminates the need to install and run the application on the customer's own computers and simplifies maintenance and support. From: http://en.wikipedia.org/wiki/Cloud_computing
SAN: A storage area network is a storage server or appliance that uses block-based protocols typically based on SCSI to access files over a Fibre Channel or TCP/IP network. From: http://en.wikipedia.org/wiki/Storage_area_network.
Service Tier: Cisco VMDC reference architecture defines a three-tier model of Bronze, Silver, and Gold tiers that comprises IaaS services. These tiers define service levels for compute, storage, and network performance.
SLA: Service level agreements (SLAs) define the support levels in cloud services. Typically, cloud providers want to offer three, four, or five different service tiers and provide different service level agreements (SLAs). IaaS cloud services can be differentiated into predefined service tiers when they vary support of the following features: virtual machine resources, storage features, application tiers, stateful services, and network bandwidth.
Tenant: A tenant is an entity that subscribes to cloud services. Each tenant must be securely separated from other tenants who share the common virtualized resource pool. However, workloads owned by one tenant will be visible to others unless firewalls are configured to block communications among different applications.
UCS: Cisco Unified Computing System (UCS) is a data center platform that unites computing, networking, storage access, and virtualization into a cohesive system, and integrates a low-latency, lossless 10 Gigabit Ethernet unified network fabric with enterprise-class, x86-architecture servers.
implementation, each router within the network participates in the virtual routing environment in a peer-based fashion. From: http://en.wikipedia.org/wiki/VRF.
VPN: A virIual privaIe neIwcrk (VPN) is
a ccmpuIer neIwcrk IhaI uses a public
IeleccmmunicaIicn in!rasIrucIure such
as Ihe lnIerneI Ic prcvide remcIe c!ces
cr individual users wiIh secure access
Ic Iheir crganizaIicn's neIwcrk. lI aims
Ic avcid an expensive sysIem c! cwned
cr leased lines accessible Ic cnly cne
crganizaIicn. Frcm. hIIp.//en.wikipedia.
crg/wiki/VirIual_privaIe_neIwcrk.
V5C: Ciscc VirIual SecuriIy CaIeway*
(VSC*) !cr Ciscc Nexus 1000V Series
SwiIches* is a virIual appliance IhaI
secures and prcvides IrusIed access Ic
virIualized daIa cenIers in enIerprise
and clcud prcvider envircnmenIs and aI
Ihe same Iime meeIs Ihe requiremenIs
c! dynamic pclicydriven cperaIicns,
mcbiliIyIransparenI en!crcemenI, and
scalecuI deplcymenI !cr dense mulIi
Ienancy.
vwAA5: Ciscc VirIual wide Area
ApplicaIicn Services (vwAAS) is a
clcudready wAN cpIimizaIicn scluIicn
IhaI acceleraIes applicaIicns delivered
!rcm privaIe and virIual privaIe clcud
in!rasIrucIure, Ihrcugh Ihe use c! pclicy
based cndemand crchesIraIicn.
vCPU: VirIual CPU (vCPU) is an enIiIy IhaI
ccrrespcnds Ic a physical CPU in a guesI
VN. l! Ihe sysIem has n ccres, Ihen Ihe
maximum number c! vCPUs IhaI can be
allccaIed Ic a guesI is n.
VLAN: A virIual LAN, ccmmcnly kncwn as
a VLAN, is a grcup c! hcsIs wiIh a ccmmcn
seI c! requiremenIs IhaI ccmmunicaIe
as i! Ihey were aIIached Ic Ihe same
brcadcasI dcmain, regardless c! Iheir
physical lccaIicn. A VLAN has Ihe same
aIIribuIes as a physical LAN, buI iI allcws
!cr end sIaIicns Ic be grcuped IcgeIher
even i! Ihey are ncI lccaIed cn Ihe same
neIwcrk swiIch. Ycu can achieve neIwcrk
reccnguraIicn Ihrcugh sc!Iware insIead
c! by Ihe physical relccaIicn c! devices.
Frcm. hIIp.//en.wikipedia.crg/wiki/
VlanVRF.
VM: A virIual machine (VN) is a sc!Iware
implemenIaIicn c! a machine (i.e. a
ccmpuIer) IhaI execuIes insIrucIicns (ncI
prcgrams) like a physical machine.
Frcm. hIIp hIIp.//en.wikipedia.crg/wiki/
VirIual_machine.
vMotion: vMotion technology enables VM mobility within a cluster, where policies follow VMs as they move across switch ports and among hosts.
VMDC: Cisco Virtualized Multi-tenant Data Center (VMDC) solution is a reference IaaS architecture that brings together core products and technologies from Cisco, NetApp, EMC, BMC, and VMware to deliver a comprehensive end-to-end cloud solution. Focused on IaaS cloud deployment, the Cisco Virtualized Multi-tenant Data Center (VMDC) solution, version 2.0, provides customers with robust, scalable, and resilient options for cloud data center deployments. This Cisco-driven, end-to-end architecture defines how to provision flexible, dynamic pools of virtualized resources that you can share efficiently and securely among different tenants and provision quickly through process automation. Process automation reduces resource provisioning and improves time-to-market (TTM) for IaaS-based services. Shared resource pools consist of virtualized Cisco unified compute and virtualized SAN and NAS storage platforms connected through the use of Cisco data center switches and routers.
VRF: In IP-based computer networks, Virtual Routing and Forwarding (VRF) is a technology that allows multiple instances of a routing table to coexist within the same router at the same time. Because the routing instances are independent, you can use the same or overlapping IP addresses without conflicting with each other. The simplest form of VRF implementation is VRF Lite. In this
Data Center Service Patterns http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/dc_serv_pat.html
5. Designing Secure Multi-Tenancy into Virtualized Data Centers http://www.cisco.com/en/US/netsol/ns1050/networking_solutions_sub_program_home.html
Endnotes
1. Security and Virtualization in the Data Center http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/dc_sec_design.html
2. Intel Xeon processors. http://www.intel.com/xeon
3. Intel internal measurements using a web banking workload running PHP and Windows Server 2008 R2, comparing number of banking sessions (users) for an Intel® Xeon® processor X5689 (3.33 GHz) vs. Intel® Xeon® processor X5570 (2.93 GHz).
4. Data Center Design-IP Network Infrastructure http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/DC3_0_IPInfra.html#wp1043848
To learn more about deployment of cloud solutions, visit www.intel.com/cloudbuilders
Disclaimers
Δ Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not across different processor families. See www.intel.com/products/processor_number for details.
Hyper-Threading Technology requires a computer system with a processor supporting HT Technology and an HT Technology-enabled chipset, BIOS and operating system. Performance will vary depending on the specific hardware and software you use. For more information including details on which processors support HT Technology, see http://www.intel.com/technology/platform-technology/hyper-threading/index.htm
No computer system can provide absolute security under all conditions. Intel Trusted Execution Technology (Intel TXT) requires a computer system with Intel Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). The MLE could consist of a virtual machine monitor, an OS or an application. In addition, Intel TXT requires the system to contain a TPM v1.2, as defined by the Trusted Computing Group and specific software for some uses. For more information, see http://www.intel.com/technology/security/
Intel Turbo Boost Technology requires a PC with a processor with Intel Turbo Boost Technology capability. Intel Turbo Boost Technology performance varies depending on hardware, software and overall system configuration. Check with your PC manufacturer on whether your system delivers Intel Turbo Boost Technology. For more information, see http://www.intel.com/technology/turboboost.
Intel Virtualization Technology requires a computer system with an enabled Intel processor, BIOS, virtual machine monitor (VMM) and, for some uses, certain computer system software enabled for it. Functionality, performance or other benefits will vary depending on hardware and software configurations and may require a BIOS update. Software applications may not be compatible with all operating systems. Please check with your application vendor.
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.
Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.
The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by visiting Intel's Web site at www.intel.com.
Copyright © 2010 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel Xeon, Intel Xeon inside, Intel Turbo Boost Technology, Intel Hyper-Threading Technology, Intel QuickPath Technology, Intel Intelligent Power Technology, Intel Virtualization Technology, Intel Advanced Encryption Standard Technology, and Intel Trusted Execution Technology are trademarks of Intel Corporation in the U.S. and other countries.
Other names and brands may be claimed as the property of others.

Printed in USA 1010/SK/PRW/PDF Please Recycle 32111-001 US