CloudPlex Architecture

  • 8/2/2019 CloudPlex Architecture

    Scalable Virtual Desktop Infrastructure Using Brocade's CloudPlex Architecture

    Technical Overview

    This paper describes how Brocade's CloudPlex architecture enables

    large-scale deployment of virtual desktop infrastructure: tens of

    thousands of desktops on a global scale. It identifies the challenges in

    the data center, campus LAN and wide area networks that need to be considered and reviews how key elements of the CloudPlex architecture

    including fabrics, open systems and global reach, effectively meet

    these challenges.

    NETWORK MANAGEMENT TECHNICAL BRIEF

    CONTENTS

    The Importance of a Virtual Desktop

    Challenges of Large Scale VDI Deployment

        Impact on the Data Center

        Impact on the Campus LAN

        Impact on the Wide Area Network

    Brocade CloudPlex Architecture

        CloudPlex is Fabric-Based

        CloudPlex Is Open

            Virtual Compute Block

            OpenStack

            OpenFlow

        CloudPlex is Global

    Applying the CloudPlex Architecture to Large-Scale VDI Deployment

        Brocade Virtual Cluster Switching

        Brocade Virtual Compute Blocks

    VCB Integration with VMware View

        Pre-tested, Factory Integrated Components for Fast Time to Service

        Fabric-based Scale-out Architecture

    Other Requirements for Large Scale VDI Deployments

        Integration with Campus LAN

        Integration with WAN

        Integration of Security Services

        Access Control and Transparent Support of IPv4 and IPv6 Devices

        Monitoring, Management and Traffic Analysis

        Scaling Out the VCB Solution for VMware View

    Testing VCB for Scalability and Supportability

    Summary

    THE IMPORTANCE OF A VIRTUAL DESKTOP

    Desktop computing is ubiquitous and represents a growing cost for IT. Updating operating systems and

    applications has become very time consuming and costly while securing access to data has become more

    complex. Virtual Desktop Infrastructure (VDI) offers a solution. VDI separates the desktop operating system

    and application configuration from the physical device. Instead of managing individual desktop devices in a

    distributed manner, the software stacks (operating system plus applications and configuration settings) are

    hosted in the data center using a master catalog of pre-built and tested configurations. Users are assigned

    to a particular standard configuration that supports their role. When they connect to the VDI environment,

    applications run on virtual servers with screen updates pushed over the network (campus LAN or WAN) to

    the user's display. Users can use a less expensive device, such as thin or zero clients, to attach to the

    network while accessing the familiar desktop environment and applications they have when using a

    traditional desktop or laptop PC, or they can use their PC with images pushed to them upon login.

    Hosting the desktop operating system and applications in the data center simplifies change control,

    configuration management, disaster recovery and can lower power consumption since thin clients are more

    power efficient than full functioned personal computers. Of course, VDI has to deliver a user experience that

    is comparable to the one expected with a full function PC. From a user perspective, latency is a critical

    metric of user experience. Clearly, VDI has attractive advantages.

    But, VDI has to be built on top of an architecture that can scale, quickly migrate desktops and user data between data centers when needed, while simplifying management and configuration. Hence, VDI relies on

    a network architecture that cost-efficiently supports these requirements. These considerations are

    especially relevant when scaling VDI to tens of thousands of users located anywhere in the world. In short, a

    cloud computing architecture is ideal for VDI as it enables global client mobility as well as on-demand

    scalability. Brocade has an architecture for cloud computing called CloudPlex that can be applied

    successfully to large-scale VDI deployments. This paper discusses the CloudPlex architecture and then

    shows how it has been applied to VDI solutions in conjunction with our partners.

    CHALLENGES OF LARGE SCALE VDI DEPLOYMENT

    Although VDI offers a solution to long-standing problems associated with cost-effective management of

    desktop computing environments, it also creates network challenges, particularly when deployed on a

    continental or global scale. To better understand the requirements, it's helpful to break the network into

    three segments: the datacenter, the campus/LAN and the WAN. Each is impacted by the shift in traffic

    created by VDI solutions and in turn the limitations of each affect the overall network design.

    Impact on the Data Center

    Server virtualization affords a cost-effective way to host large numbers of VDI instances. Combined with

    image management software to clone operating system and application configurations, a virtual machine

    can be created with a standard desktop configuration. As a client initiates a connection, the session is

    directed to an available virtual machine with an image specific to the user so they access their own

    desktop, applications and storage. A pool of available VMs can quickly meet new demands, and VMs can be

    removed from the pool and unnecessary physical servers can be powered down to minimize power and

    cooling during periods of low demand.

    Server virtualization has affected the data center in many ways. Most striking is the growing need to update

    the network to meet the unique demands of virtual servers. For example, virtual machines are moved

    across physical servers for various reasons including load balancing, power management, maintenance and

    updates, etc. This is one of the attractive benefits of server virtualization as moving a VM does not cause

    any disruption to the application running inside the virtual machine. However, networks were not designed

    with this capability in mind. Networks assume applications are fixed to specific servers that in turn are

    physically attached to the network and rarely change where they connect in the network. With virtual

    machine mobility, this is no longer the case. Traffic loads change, static network policies tied to physical

    ports can move, and small layer 2 switching domains restrict virtual machine mobility, limiting its benefits.

    The advantages of virtual machine mobility apply to large-scale VDI deployments as well.

    As more applications take advantage of server virtualization, both the IP network and storage networks

    need to provide more bandwidth to the server. With 10 or 20 applications running on a single server that

    used to host only one, the network bandwidth grows considerably. And, as connections are used to share

    both IP and storage traffic, logical isolation of traffic becomes important so issues with one type of traffic can't disrupt other types. This has driven higher bandwidth connections to servers and more bandwidth

    between network switches and routers. Quality of Service for both IP and storage networks has become

    much more common as it provides the tools required for logical traffic isolation on a shared network.

    One other area that has changed is the traffic patterns in the data center network. In the past with many

    remote clients accessing an application on a single server, most network traffic was north-south moving

    between the access layer where the data center servers are through an aggregation layer and then routing

    to the core to the campus LAN or WAN networks. Data center networks could have high oversubscription

    ratios across these three tiers (access, aggregation, and core). But today, with new Web 2.0 applications,

    server virtualization using live virtual machine migration and storage traffic running over the IP network,

    there is a lot of east-west traffic that must efficiently move across the layer-2 LAN network. This is driving

    changes in Ethernet, which is the primary layer 2 technology. Problems include Spanning Tree protocol

    limitations on scalability and resiliency, static network policies that can't keep up with virtual machine migration and the complexity of configuration and management as more layers and devices are added at

    layer 2.

    Another important consideration is storage. Direct attach storage captive inside the server is insufficient.

    For VDI, shared storage pools connected to a storage network are required as virtual machines host the VDI

    environment and they require shared access to a common storage pool. Many storage features can be

    effectively leveraged to simplify operations and reduce cost, including thin provisioning, de-duplication,

    block level replication for cloning and disaster recovery, snapshot for on-line backup and duplication and

    solid state disk for high performance. Brocade has a long history in the storage market as a pioneer of Fibre

    Channel networking, the first scalable solution for shared storage. Today, Brocade's fabric technology is

    available and supported by all major storage vendors for every type of block access storage network

    protocol including Fibre Channel, iSCSI and Fibre Channel over Ethernet (FCoE), as well as file accessed

    storage using NFS and CIFS. The Virtual Compute Block architecture discussed later is flexible and able to support all block storage and file access protocols. A single VCB configuration can incorporate one or more

    types of block storage and all storage vendor provided storage optimization features. Cost-effective

    solutions of VCB modules can be easily deployed side-by-side, or specific storage network protocols and

    storage arrays can be used in different environments to meet varying environmental, operational,

    performance and cost requirements.

    Security is of course an important requirement particularly in the network. Firewalls, load balancers,

    intrusion detection and protection, virus detection are all critical elements of the network. With VDI, security

    must now extend to desktop application traffic where previously that traffic never left the desktop or laptop

    computer. Therefore, security services have to scale to support much higher traffic rates. Higher

    performance and reliability are clearly important design requirements. Configuration of security policies

    must be consistent and encryption services such as secure sockets layer (SSL) must be relied on to protect

    information flowing between thin clients and the applications hosted in the data center.

    Impact on the Campus LAN

    With VDI, the traffic on the campus LAN will increase due to application traffic now flowing from the

    thin/zero clients to the application hosted in a virtual machine in the data center. More bandwidth, low

    latency and higher availability are essential to the VDI user experience. Users won't tolerate sluggish

    response or lack of access to their personal applications and data. Redundancy of paths, ports and network

    switches are therefore important in the design of the campus LAN. One other valuable capability is Power

    over Ethernet (POE) support. With POE, thin/zero client devices that attach to the campus network receive

    the power they need from the same Ethernet connection used to attach to the network. POE is common for

    Voice over IP (VoIP) environments to power telephone handsets and this same technology can be efficiently

    used for thin/zero clients reducing facilities costs.

    Impact on the Wide Area Network

    For global companies, VDI can benefit from global load balancing and efficient migration of desktops, data

    and licensing between data centers as users move. For example, employees may relocate to a new office or

    be on temporary assignment overseas. It's important to support migration of their personal configuration

    and data to a data center more suitably located so latency and user experience requirements are met. For

    companies with multiple data centers in a given geography or who purchase hosting services for VDI, being

    able to migrate user desktops and data efficiently over the WAN is also important. In a geography with

    multiple data centers, global load balancing of VDI connections is an effective way to ensure uniform user

    experience should WAN links become congested or outages occur. For some environments, improved

    disaster recovery using stretched server clusters between regional data centers via MPLS/VPLS services

    is an important design requirement. Stretched clusters may be advantageous for routine service and

    maintenance of network equipment and servers so currently running VDI instances can be moved to an

    adjacent data center whenever required.

    The challenges of large scale VDI deployment are very similar to the challenges most enterprises are

    already facing as they look for ways to reduce cost and improve agility with cloud computing. To assist

    customers with strategic planning, Brocade developed a cloud architecture called CloudPlex. CloudPlex can

    be directly applied to the challenges of large scale VDI Deployment.

    BROCADE CLOUDPLEX™ ARCHITECTURE

    Today most enterprise infrastructure looks like a combination of internal and external resources and for

    most companies, largely location independent. Corporate data centers are placed across continents while

    cloud service providers offering outsourced services, (e.g., SFDC, Google Mail and Google applications,

    AWS, Ring Central) are being leveraged more and more. Consequently, this is the era of the virtual

    enterprise. Today, enterprises are increasingly combining their own IT resources with outsourced services

    and cloud computing delivering universal access to ever-more mobile users. Making businesses run on top

    of this fully distributed infrastructure is challenging.

    Figure 1. Brocade's CloudPlex architecture for cloud computing

    To address this transition, Brocade developed an architecture called CloudPlex. It is designed around three

    pillars necessary to make the transition from dedicated, static infrastructure captive to a single application

    or user, to a world of virtual computing dynamically assembled from loosely coupled virtualized resources,

    platforms and highly distributed application components.

    CloudPlex is Fabric-Based

    Fabric technologies, originally developed for FC SANs and now being brought to Ethernet, are the key to

    radically simplifying the network, improving scale, and optimizing resource utilization with virtual machines.

    Fabrics are a foundational element of highly virtualized and cloud networks. They take us back to what

    networking was supposed to be: a seamless entity for any-to-any communications. So what is driving the need?

    It is really very simple. Networking is designed to support business applications. When the applications change,

    the underlying network has to change. This is what is driving the evolution of the layer 2 network to fabrics

    technology.

    Historically, applications have been written as monolithic programs connected to big compute nodes and

    attached to appropriately sized network and storage elements. Scaling relied on replacement of the server with

    a larger model. Applications were commonly deployed on dedicated servers limiting flexibility while hindering

    maintenance and disaster recovery.

    Virtualization has altered that model by introducing an abstraction layer between the application and the

    underlying hardware. The application can move to whatever hardware platform has the best price/performance

    characteristics. This has become a compelling model for hardware resource management in the data center.

    Ethernet Fabrics

    Compared to classic hierarchical Ethernet architectures, Ethernet fabrics provide higher levels of

    performance, utilization, availability, and simplicity. They have the following characteristics at a minimum:

    • Flatter. Ethernet fabrics eliminate the need for Spanning Tree Protocol, while still being completely interoperable with existing Ethernet networks.

    • Flexible. Can be architected in any topology to best meet the needs of any variety of workloads.

    • Resilient. Multiple least cost paths are used for high performance and high reliability.

    • Elastic. Easily scales up and down at need.

    More advanced Ethernet fabrics borrow further from Fibre Channel fabric constructs:

    • They are self-forming and function as a single logical entity, in which all switches automatically know about each other and all connected physical and logical devices.

    • Management can then be domain-based rather than device-based, and defined by policy rather than repetitive procedures.

    • These features, along with virtualization-specific enhancements, make it easier to explicitly address the challenges of VM automation within the network, thereby facilitating better IT automation.

    • Protocol convergence (e.g., Fibre Channel over Ethernet, or FCoE) may also be a feature, intended as a means of better bridging LAN and SAN traffic.

    Another trend transforming application stacks is shown in Figure 2: applications are written in a much more

    modular way where individual components use the network to communicate with each other reliably with low

    latency. One example of this new model is having a web front-end, database tier and application tier all tied

    together with a middleware layer over a SOA bus. For this new application stack, low latency, resiliency and high

    availability are critical requirements of the network as a single component can support many applications so an

    outage of a single component can have wide ranging, negative effects.

    Figure 2. Application stacks are becoming collections of distributed modular components

    Using this application architecture, some of the supporting elements like firewalls, intrusion detection and

    prevention systems (IDS/IPS), are being implemented inside virtual machines. So the modern application

    stack is becoming a collection of smaller components communicating with each other over a high speed,

    low-latency, and resilient network. With virtualization, the components themselves may move from server to

    server optimizing service levels and utilization, reducing power and cooling costs while simplifying

    maintenance and disaster recovery.

    The challenge is that the networks we've built over the past decade were not designed to efficiently support

    this new application stack. The limitations inherent in existing network designs are getting in the way, so network design has to change accordingly. One clear transition is industry recognition of the need for flatter,

    lossless and low latency networks. One way to achieve this is with an Ethernet fabric architecture as a fabric

    provides exactly the qualities needed to address the challenge.

    With its fabric heritage, Brocade recognized early the advantages of bringing core fabric characteristics to

    Ethernet, and released its Ethernet fabric technology, called Virtual Cluster Switching (VCS), in 2010. VCS is

    discussed in more detail in the section titled "Brocade Virtual Cluster Switching."

    CloudPlex Is Open

    The second pillar is leveraging open interfaces and standards. The CloudPlex architecture promotes the

    combination of best of breed components, open routing, provisioning, and management interfaces. Open

    systems for networking create healthy competition, speed innovation, and ultimately result in faster

    customer adoption and better price efficiency. This has been true in computing and in application development, so clearly it's applicable to networking as well.

    To enhance openness and interoperability, CloudPlex incorporates three components as shown in Figure 3.

    Figure 3. CloudPlex is an open architecture

    Virtual Compute Block

    A Virtual Compute Block (VCB) is Brocade's solution for facilitating the interconnection of Best-of-Breed

    Components into building blocks for scaling virtualization. VCB is part of our partner-based development

    initiative to design, test and pre-configure modular virtualization solutions. For example, we are working with

    hypervisor vendors and our partners to integrate their offerings using our VCB solution.

    OpenStack

    One of the tenets of cloud computing is data center wide orchestration of virtualized resources with

    just-in-time provisioning. In the past, network infrastructure provisioning and management frameworks were

    specific to the hardware vendor. Multiple frameworks were needed, each having limited interoperability with

    the other. Today, an organization called OpenStack.org was started to address this problem. OpenStack is

    an interoperable set of management tools that make management of the network infrastructure

    transparent avoiding lock-in of network devices with management functions. Therefore, OpenStack software

    is being integrated into cloud computing architectures used by many companies.

    OpenFlow

    OpenFlow is the emerging standard for software-defined networking that could provide improved

    optimization of network services in large-scale environments. The control plane becomes an open platform

    using standard APIs so network services and optimized traffic policies can be integrated more quickly

    across multiple vendors' routers and switches. Service providers are adding cloud computing services to

    their offerings and OpenFlow has drawn attention as an approach to solving a number of challenges in

    large-scale multi-tenant service environments such as the public cloud. Brocade has joined the OpenFlow

    community and is actively engaged in development of OpenFlow components and research projects.

    CloudPlex is Global

    One of the assumptions of the CloudPlex framework is that everything has to be considered in a global

    context. VMs and data can't just move across a couple of servers and storage arrays; they have to be

    capable of moving across the world. Users are becoming much more mobile. IT services aren't monolithic

    anymore and are distributed so efficient, secure and cost-effective data center-to-data center connectivity is

    critical in a cloud computing architecture.

    No matter how fast networks get, there is delay caused by the finite speed of light when you separate users, applications, and data over distance. Optimizing the user experience is essential and requires the ability to

    move application execution and data closer to users whenever degraded user experience requires it.

    Efficiently and securely moving application components and data between data centers is important not

    only for disaster recovery but for cost-optimization by minimizing power and cooling surcharges and

    optimizing software license charges.

    One other growing requirement of global access is the reality of limited availability of IP addresses

    worldwide. Today, the current IP addresses, IPv4, are no longer available for allocation from IANA, the

    central clearinghouse for IP address allocation. A new and vastly larger set of addresses, IPv6, is available

    and already being used in various industries, federal government agencies, and by Internet providers in

    some countries. However, Internet devices using IPv4 can't directly connect to devices using IPv6 as the

    IPv6 address structure is not backward compatible with IPv4. Solutions exist for Internet service providers and for enterprises and are integrated into the CloudPlex architecture.

    APPLYING THE CLOUDPLEX ARCHITECTURE TO LARGE-SCALE VDI DEPLOYMENT

    This section discusses how key elements of the CloudPlex architecture are being applied to the problem of

    large-scale VDI deployments. Brocade has been actively working with partners to help our customers cost-

    effectively scale VDI environments.

    First, it's important to understand two essential building blocks that are unique to Brocade. The first is

    Brocade's Virtual Cluster Switching (VCS) technology, which provides advanced Ethernet fabric capabilities.

    The second, Virtual Compute Blocks (VCB), leverage fabrics to develop open, pre-configured, cost-efficient

    solutions for scaling server virtualization in the data center. Virtual Compute Blocks rely on scale-out more

    than scale-up to meet growth requirements. Brocade's VCS technology with Ethernet fabrics is well suited

    for this architecture while shared storage using SAN fabrics is a proven technology for scaling storage

    resources.

    Brocade Virtual Cluster Switching

    Brocade VCS technology allows you to create efficient data center networks that just work. Ethernet fabric

    architectures built on Brocade VCS technology share information across nodes and can be managed as a

    single logical chassis, greatly simplifying management and reducing operational overhead. Brocade VCS

    technology offers unmatched VM awareness and automation versus traditional architectures and

    competitive fabric solutions and supports storage over a unified fabric when you are ready.

    Figure 4. Brocade Virtual Cluster Switching with Ethernet Fabric

    Only Brocade VCS technology, backed by a heritage of proven fabric innovations, delivers IT agility and

    assures reliability, with a cost-effective point of entry to allow you to transition gracefully to elastic, highly

    automated, mission-critical networks in your virtualized data center.

    VCS technology is embedded in the Brocade VDX Data Center Switch portfolio. Brocade VDX Data Center

    Switches are available today to enable you to build Ethernet fabrics to support cloud-optimized networking

    and greater enterprise agility.

    Brocade Virtual Compute Blocks

    Brocade introduced Virtual Compute Blocks as a way to simplify server virtualization deployments and

    address many of the challenges facing customers who plan to extensively deploy it across their data centers.

    A Virtual Compute Block (VCB), shown in Figure 5, is designed to take maximum advantage of Brocade

    networking solutions (IP and storage networks) in an open way so all server and storage partners can plug

    in to a standard networking architecture.

    Figure 5. Virtual Compute Block Solution with VMware

    The platform leverages the advantages of data and storage. A fabric is designed to address the stringent

    scalability, availability, resiliency and manageability requirements of virtualization. It is architected to exploit

    modularity for simpler management and much shorter time from purchase to deployment. Using the VCB

    solution, Brocade works with storage and server partners to quickly construct, test and validate modular

    compute blocks for server virtualization. These pre-built modules are designed to be orderable as a single unit

    ready for deployment, allowing customers to choose from several module configurations based on their

    virtualization requirements.

    A unique capability of the VCB solution is built-in network scalability. This means customers can easily

    connect different VCB solutions together to quickly scale out their virtualization infrastructure. Key to this scale-out capability are the inherent properties of fabrics: multipath, resilient, flexible, lossless, low latency

    and scalable.

    Brocade's Virtual Compute Block solution is flexible. For instance, 1 GE or 10 GE ports for server access are

    provided on any port in the switch. Storage support includes Fibre Channel, iSCSI, Fibre Channel over

    Ethernet for block access and file-based access via CIFS and NAS.

    VCB INTEGRATION WITH VMWARE VIEW

    Soon after Brocade introduced the VCB architecture, VMware began working with Brocade to create server

    virtualization solutions. They recognized the value of VCB flexibility, scalability and efficiency for customers

    who need a proven solution for rapid virtualization scale-out. A reference architecture using VCB for server

    virtualization is under development.

    The VCB architecture can also be used to address the challenges of large scale VDI deployment. Pre-built configurations are being developed that offer cost-effective solutions that can meet the VMware View

    Reference Architecture supporting 5,000 seats in a single management Pod. The key to this flexibility is a

    modular architecture combined with the scalability of the VCS Ethernet Fabric. This provides cost-effective

    deployment from small to large so customers never buy more than they need. In particular, the VCB for VDI

    solution is able to:

    Enable performance and scalability as Brocade and VMware provide the price/performance, end-to-end VDI and network products to allow users to build VDI solutions that meet the performance

    requirements of a user and scale to support wide-scale VDI deployment. VMware View optimizes the

    provisioning and deployment of desktops using features like Integrated Application Assignment, Tiered

    Storage, and Single Sign-On (SSO). Unlike classical, hierarchical Ethernet architectures, Brocade

    Ethernet fabrics provide higher levels of performance, utilization, and availability. With this solution,

    organizations are able to scale easily by utilizing plug-and-play architecture enabled by Brocade VCS technology to add compute and storage capacities dynamically. Brocade converged network adapters (CNAs) are fully featured 10 GbE NICs that provide stateless networking offloads such as TCP

    checksum and segmentation for improved performance and more efficient CPU usage. Brocade CNAs

    support Virtual Machine Optimized Ports (VMOPs) to offload the hypervisor of essential virtual switching

    tasks, such as incoming packet classification and sorting tasks, helping to reduce latency and improve

    throughput while freeing CPU cycles. Brocade CNAs drive throughput of 500K IOPS per port. Other

    advanced features in the CNA and Brocade VDX switches, such as stateless networking offloads and

    active-active connection, provide even higher performance and throughput.

    Provide security with powerful, validated functions from best-of-breed vendors enabled via VMware View PCoIP security gateway, which allows secure connections to the desktops with stronger

    authentication without VPN connections. The solution protects the virtual desktops from malware and

    viruses. Brocade ADX Security Shields can be added to deliver wire-speed multi-gigabit-rate protection

    from Denial of Service (DoS) and Distributed DoS (DDoS).

    Ease migration as Brocade and VMware products are built on open standards and validated for interoperability with leading server, storage, and network vendors. This allows customers to leverage

    their existing infrastructure for VDI without resorting to rip and replace. In addition, Brocade's support

    for multiple protocols (such as TRILL, DCB, iSCSI, NAS, and FCoE) and pay as you grow modular

    expansion allow users to expand and use new technology and products at their own pace and budget.

    VMware View is fully compatible with vSphere, and View is tested and certified for all the major host

    operating systems.

    Drive lower TCO as the solution utilizes best-of-breed products built on the strengths of two companies that are market innovators. The solution utilizes a virtualization platform with VMware vSphere and

    View in conjunction with the Brocade VDX 6720 family of data center switches and the best options

    from leading compute and storage vendors. Organizations can choose the best options to realize the

    greatest ROI at the lowest TCO.

    Pre-tested, Factory Integrated Components for Fast Time to Service

    One of the prime goals for VCB solutions was to dramatically reduce the time to deployment. As shown in

    Figure 6, one VCB design under development supports VMware View VDI. Joint testing and validation

    among the partners ensures factory integration eliminates problems commonly encountered when trying to

    build an equivalent solution on the data center floor.

    Figure 6. Brocade VCB solution for VMware View

    Fabric-based Scale-out Architecture

    As shown in Figure 7, the VCS Ethernet fabric enables a scale-out architecture that is simple to leverage.

    Figure 7. Scaling Brocade VCB solution for VMware View

    In this example using Dell Servers and iSCSI Storage, each VCB module consists of an integrated rack of

    servers and storage optimized for a particular number of VDI seats based on the compute and storage

    components used. Design considerations include number and type of CPU processor, memory, IO, storage

    array ports, spindles and LUN placement, and network connectivity to servers and storage. In this example,

    1,000 seat VCB modules are shown. With VCB solutions, different size modules can be designed to fit

    within a rack optimized for the desired cost/performance metric. The modular architecture provides an extensible pool of compute, storage and Ethernet Fabric connectivity that simplifies scale-out by attaching

    multiple modules together via the VCS Ethernet Fabric.

    OTHER REQUIREMENTS FOR LARGE SCALE VDI DEPLOYMENTS

    From the previous overview of the CloudPlex architecture, there are other network requirements that extend

    beyond the design of a Virtual Compute Block optimized for VDI applications. These include integration with

    the Campus LAN, integration with the WAN, security and how to transparently support traffic between IPv4

    and IPv6 devices.

    Integration with Campus LAN

    User access to their desktop commonly relies on a campus LAN network. The impact can be on both wired

    and wireless connectivity and includes larger bandwidth, higher availability and resilience and converged

    management of wired and wireless infrastructure. With thin clients, Power over Ethernet (POE and POE+)

    may be attractive so devices are powered from the same Ethernet port they use to access the data center

    network. More mobile devices are being used to access information and data using laptops and pad

    computing devices. Simplified management and configuration of wireless networks has driven new

    approaches moving configuration and security to the wireless network controller and out of the access

    points. This improves scalability, reduces configuration time and improves reliability. All of these are

    important for VDI traffic over the campus LAN.

    Integration with WAN

    For large-scale VDI deployments across continental and global distances, the WAN is the path between the

    user device and their desktop environment. Critical issues for integration include acceptable latency to

    meet user experience requirements. In general, for users who live and work within the same region as the

    data center hosting their VDI seat, this isn't a problem. However, managing access control, security and

    efficient load balancing of connections is important for the user experience. Application delivery control

    (ADC) is an important part of the WAN design. With ADC, access can be efficiently secured using proven

    protocols such as SSL connections that are terminated and managed by the ADC service rather than taxing

    the physical servers hosting virtual machines and VDI seats. Also, the growth of IPv6 traffic can be

    efficiently accommodated and bridged to existing IPv4 equipment using IP translation services hosted in

    the ADC.

    When users move to a new location, it's necessary to migrate their desktop and virtual machine

    configuration as well as move the application data to a data center within an acceptable distance. Moving

    virtual machines in real time non-disruptively may be viable where latency between data centers is low

    (5 milliseconds or less) but is not possible over continental distances. In addition, moving the virtual

    machine and its hosted desktop environment also requires moving user data or application access to that

    data will be adversely affected by latency. Consequently, the WAN has to also support efficient migration of

    the VDI environment including the virtual machine, all applications and their settings as well as the data.

    MPLS and VPLS services are options for the live virtual machine migration within a geographic region while

    efficient migration of user data could benefit from optimized storage migration protocols such as Fibre

    Channel over IP (FCIP). Brocade provides 1 GE and 10 GE FCIP solutions as well as MPLS and VPLS

    solutions over 1/10/40 and 100 GE links.

    Integration of Security Services

    The VCB is designed to provide flexible support for network security services. In the VMware VDI

    solution, virus-scanning agents provided by Trend Micro run inside the virtual server. Typically, additional

    network security services will be deployed as well. Figure 8 shows common security architectures providing

    firewall, load balancing and intrusion detection and protection services. The Brocade ADX provides not only

    server load balancing for optimizing traffic flow to firewall services, but high performance off-load for SSL

    termination removing this resource intensive operation from servers hosting VDI sessions. As shown in Figure

    12, the ADX can be used with a VCS Ethernet Fabric in a variety of topologies such as the 6 pack, Layer 3 Lollipop and in the future, leveraging a new capability, dynamic service insertion, the layer 2/layer 3 Lollipop.

    Figure 8. VCS technology supports flexible security architecture

    The roadmap for VCS technology includes dynamic service insertion and support for layer 3 routing within

    the fabric. As shown in the right hand diagram of Figure 14, traffic is transparently rerouted within the VCS

    Ethernet Fabric to provide the appropriate security services. This allows a flatter core/edge network

    architecture instead of the classic three tier network. A flatter fabric network eliminates network devices

    reducing capital cost, simplifying configuration and management to lower operating costs.

    Access Control and Transparent Support of IPv4 and IPv6 Devices

    The growth of devices using the Internet is forcing migration to a new routing architecture, called IPv6, with

    sufficient addresses to meet the demand. While IPv6 avoids address exhaustion, it does so without being

    backward compatible with the previous address method, IPv4. But, traffic between IPv6 and IPv4 devices

    needs to flow seamlessly. Therefore, a means to provide reliable and secure mapping of IPv6 addresses

    used by newer user devices to older IPv4 addresses commonly used in the data center is necessary. This

    requirement will likely continue for some time to come.

    Another important challenge is managing device access control to the desktop applications running in the

    data center. Many more users will access many more applications from a variety of devices so scalable

    performance of access control services becomes critical. Any access control function that gets

    implemented between the user and an application has the potential to slow things down. To achieve high

    performance, solutions that use hardware to accelerate access control while automatically sensing network

    load and directing new user sessions to less utilized servers become very important in maintaining user

    experience.

    Today, Brocade's ADX family of application delivery controllers has the required features for access control

    of users from the campus LAN and WAN to applications in the data center and IPv6/IPv4 mapping, or

    network address translation (NAT64) services as shown in Figure 9.

    Figure 9. Using an application delivery controller for IPv6-IPv4 NAT
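The IPv6-to-IPv4 mapping that a NAT64 translator relies on can be made concrete with the standard address-embedding rules of RFC 6052. This is an added example, not code from the paper or from Brocade, and it assumes the translator uses RFC 6052 prefixes; the function names and the documentation addresses are constructed for illustration.

```python
import ipaddress

WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
ALLOWED_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
U_OCTET = 8  # byte holding bits 64-71, which RFC 6052 reserves as zero


def _validated_prefix(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_PREFIX_LENGTHS:
        raise ValueError(f"prefix length /{net.prefixlen} not allowed by RFC 6052")
    if net.network_address.packed[U_OCTET] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    return net


def _check_scope(net, v4):
    # RFC 6052: the well-known prefix must not represent non-global IPv4
    # addresses, so it cannot be used to name private data center space.
    if net == WELL_KNOWN_PREFIX and not v4.is_global:
        raise ValueError(f"{v4} is not global; refusing it under {net}")


def synthesize(prefix, ipv4):
    """Return the IPv6 address that represents `ipv4` under `prefix`."""
    net = _validated_prefix(prefix)
    v4 = ipaddress.IPv4Address(ipv4)
    _check_scope(net, v4)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in v4.packed:
        if pos == U_OCTET:  # step over the reserved octet
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(prefix, ipv6):
    """Recover the embedded IPv4 address, rejecting malformed input."""
    net = _validated_prefix(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is outside translation prefix {net}")
    raw = addr.packed
    if raw[U_OCTET] != 0:
        raise ValueError("reserved bits 64-71 are not zero")
    pos, octets = net.prefixlen // 8, bytearray()
    while len(octets) < 4:
        if pos == U_OCTET:
            pos += 1
        octets.append(raw[pos])
        pos += 1
    v4 = ipaddress.IPv4Address(bytes(octets))
    _check_scope(net, v4)
    return v4


if __name__ == "__main__":
    # Constructed documentation addresses, not values from the paper.
    for pfx in ("2001:db8::/32", "2001:db8:122:300::/56", "2001:db8:122:344::/96"):
        v6 = synthesize(pfx, "192.0.2.33")
        print(pfx, "->", v6, "->", extract(pfx, v6))
```

Rejecting addresses outside the translation prefix, with a non-zero reserved octet, or carrying private IPv4 space under the well-known prefix keeps the mapping from being used to reach hosts the access policy never intended to expose.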

    A primary requirement for application delivery controllers, such as Brocade's ADX family, is getting remote

    users securely connected to their applications with minimal latency. Since user experience is largely

    measured by latency, fast access control and connection load balancing are needed. In addition, access control has to be resilient so upgrades and component failures do not disrupt traffic from user devices to

    applications.

    Monitoring, Management and Traffic Analysis

    VDI places new and more stringent requirements on the end-to-end network inclusive of the data center,

    campus LAN and WAN due to distributed access from a variety of clients to their desktop environment in

    the data center. Careful planning for monitoring, management and traffic analysis is important to ensure

    user experience, availability and resiliency, and fault isolation are built into the network infrastructure.

    Brocade fully supports an open management platform, sFlow, to provide these capabilities. sFlow is a

    packet sampling technology that can be implemented in a broad range of networking devices such as layer

    2 switches, layer 4-7 application controller switches, and core routers. A primary goal of sFlow is to provide

    these services without degrading performance of network devices. This means sFlow can scale as link rates

    increase as evidenced by its inclusion in Brocade's MLXe Routers with industry-leading 100 GbE

    connectivity.

    As shown in Figure 10, sFlow separates traffic sampling from traffic analysis. Packet sampling logic is

    embedded inside the data path of the network device while traffic analysis is processed on a separate

    device, typically a server or server cluster. This architecture allows large scalability with real-time analysis.

    Figure 10. sFlow architecture for Monitoring, Management and Traffic Analysis

    For application environments such as VDI that require high availability from client device to data center

    server across the campus LAN and the WAN, scalable, real-time network monitoring ensures accurate

    metrics so proactive actions can be taken to ensure user experience. Further, sFlow-based traffic analysis

    improves planning and equipment utilization so potential network hot spots can be correlated with changes

    in VDI workload anywhere in the network. VM migration can then help rebalance network traffic as required

    and capacity planning can support network upgrades where essential for maintaining user experience. Finally, sFlow tools are available from a number of vendors since sFlow has open interfaces.
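The analysis half of that split can be sketched as follows: a collector scales each sampled frame by the sampling rate reported with it, and uses the sFlow sampling-theory bound (error at 95% confidence of at most 196 * sqrt(1/c) percent for c samples) to decide which estimates are reliable enough to call a hot spot. This is an added example, not code from the paper or from any sFlow product; the agent name, addresses, thresholds and function names are constructed, and the samples are assumed to be already decoded from sFlow datagrams.

```python
import math
from collections import defaultdict

# Constructed, already-decoded flow samples (not captured traffic).
# Each tuple: (agent, sampling_rate, src_ip, dst_ip, frame_length_bytes)
SAMPLES = (
    [("vdx-rack1", 2048, "10.1.0.10", "10.9.0.21", 1500)] * 400  # busy VDI host
    + [("vdx-rack1", 2048, "10.1.0.11", "10.9.0.22", 200)] * 25  # light session
)
INTERVAL_S = 10  # length of the collection window the samples came from


def estimate_flows(samples, interval_s):
    """Scale sampled frames up to per-flow traffic estimates."""
    acc = defaultdict(lambda: {"samples": 0, "packets": 0, "bytes": 0})
    for _agent, rate, src, dst, frame_len in samples:
        flow = acc[(src, dst)]
        flow["samples"] += 1
        flow["packets"] += rate              # one sample stands for `rate` packets
        flow["bytes"] += rate * frame_len
    estimates = {}
    for key, flow in acc.items():
        estimates[key] = {
            **flow,
            "bps": flow["bytes"] * 8 / interval_s,
            # Upper bound on relative error at 95% confidence for c samples.
            "error_pct": 196 * math.sqrt(1 / flow["samples"]),
        }
    return estimates


def hot_spots(estimates, link_bps, min_utilization, max_error_pct):
    """Flows that load the link heavily AND are backed by enough samples."""
    flagged = [
        key
        for key, est in estimates.items()
        if est["bps"] >= link_bps * min_utilization
        and est["error_pct"] <= max_error_pct
    ]
    return sorted(flagged, key=lambda k: estimates[k]["bps"], reverse=True)


if __name__ == "__main__":
    est = estimate_flows(SAMPLES, INTERVAL_S)
    for (src, dst), e in est.items():
        print(f"{src} -> {dst}: {e['bps'] / 1e6:.1f} Mbit/s "
              f"(+/- {e['error_pct']:.1f}%, {e['samples']} samples)")
    print("hot spots:", hot_spots(est, 10e9, 0.05, 25.0))
```

The light session is estimated from only 25 samples, so its error bound is about 39% and it is deliberately left out of the hot-spot list; lengthening the window or lowering the sampling rate is what tightens that bound.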

    Scaling Out the VCB Solution for VMware View

    Figure 11 shows how the VCB for VDI can scale-out to a VMware View 5,000 seat Pod. VMware publishes a

    reference architecture that has been tested up to this size. This is used as the framework for how to scale

    up the VCB design.

    Five modules are connected together forming a single management Pod based on the VMware View

    Reference Architecture. Even larger modules could be constructed using more modules or modules can be designed with components tested to support more than 1,000 VDI seats per rack, but there is a natural

    scale-out limit of 5,000 View seats per Pod in the VMware reference architectures so that defined the Pod

    size. Storage options include iSCSI, Fibre Channel and Fibre Channel over Ethernet, each being suitable for

    particular cost/performance and total module scale up requirements.

    Figure 11. VCB solution for 5,000 seat VMware View Pod configuration

    The VCS Ethernet Fabric connects multiple modules together forming a management Pod and directly

    attaches a Pod to the network core for a flatter network. The core connections use Brocade's multi-chassis

    trunking (MCT) in the core routers with VCS vLAG connections in the Ethernet Fabric to provide resiliency

    and high availability. Brocade VCS vLAG links leverage 10 GE connections on the VDX switches to eliminate

    bottlenecks for traffic flowing to the core. And, vLAG links can connect to multiple VDX switches for

    improved resiliency and availability. Optionally, an aggregation layer can be added between the VCS

    Ethernet Fabric and the core if a traditional three tier architecture is desired.

    Security services (intrusion detection/prevention, active directory services, etc.) can be integrated with each

    Module. Adding a Brocade ADX application delivery controller at the core provides IPv6 translation services

    for seamless integration of IPv6 and IPv4 traffic while providing load balancing for firewall services.

    Between VDX switches, Brocade ISL Trunks (B-ISLT) automatically form highly efficient layer-2 trunks as

    soon as cables are connected between switches. The B-ISLT is highly efficient for east-west traffic using 10

    GE links with up to eight links per trunk. Revolutionary frame striping across the physical links delivers near

    perfect load balancing with very low latency not available in traditional LAG solutions. Built-in ECMP services

    in the Ethernet Fabric automatically optimize traffic flows utilizing all available shortest paths in the fabric

    for load balancing with resiliency.

    As shown in Figure 12, multiple 5,000 seat VMware View Pods can be used to construct very large-scale

    configurations, into the tens of thousands of seats in a single location if necessary.

    Figure 12. Scale-out of VMware View Pods to tens of thousands of seats

    TESTING VCB FOR SCALABILITY AND SUPPORTABILITY

    Brocade is actively engaged in test and validation of Virtual Compute Blocks specifically optimized for VDI

    using VMware View. As with any large scale deployment of emerging technology, it's important to validate

    and test configurations to ensure required scalability, availability and operation models are well designed

    and proven prior to deployment in production. Our VCB architecture is backed by our investment in partner

    programs to test, validate and harden complete modular solution offerings, as well as integrated

    management and post-sale support. But additional testing to confirm resiliency, disaster recovery, upgrade

    and service methodology, etc. is also important. Brocade is prepared to support this level of development

    with our partners for unique customer environments such as found at global systems integrators, service

    providers and government agencies.

    SUMMARY

    The virtual enterprise has arrived. The key technology driving the changes in computing infrastructure is

    server virtualization. Two other trends amplify the value of virtualization: distributed component application

    stacks developed for the web and the transition of IT operations into a service provider. This is the Cloud

    computing model offering more flexibility to place data and applications anywhere in the network, anywhere

    in the world. Brocade's CloudPlex architecture directly addresses the transitions in computing and

    application architecture with new network capabilities. We believe that fabrics, open systems and global

    reach, the three pillars of the CloudPlex architecture, are fundamental principles defining computing and

    networking in the 21st century.

    Virtual desktop infrastructure is growing with implementations both in private data centers and the public

    cloud. Key challenges include scaling the infrastructure, ensuring secure access, cost-effective mobility of

    user desktops and data between data centers anywhere in the world and handling the growth of devices

    using IPv6. VDI infrastructure is an excellent fit for the CloudPlex architecture as recognized by VMware and

    other partners who are actively working with Brocade to deliver tested, preconfigured Virtual Compute

    Blocks based on Brocade's CloudPlex architecture.

    2011 Brocade Communications Systems, Inc. All Rights Reserved. 07/11 GA-TB-393-00 R5

    Brocade, the B-wing symbol, DCX, Fabric OS, and SAN Health are registered trademarks, and Brocade Assurance, Brocade NET Health,

    Brocade One, CloudPlex, MLX, VCS, VDX, and When the Mission Is Critical, the Network Is Brocade are trademarks of Brocade

    Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or

    may be trademarks or service marks of their respective owners.

    Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any

    equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this

    document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may

    not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data

    contained in this document may require an export license from the United States government.