Technical Presales Guidance for Partners
Document version 1.1
Document release date 25th June 2012
Contents
1. OnApp Deployment Types
1.1 Public Cloud Deployments
1.2 Private Cloud Deployments
1.3 Hybrid Cloud Deployments
2. OnApp Cloud Infrastructure Design Recommendations
2.1 OnApp Cloud Hypervisor Server Design Considerations
2.2 Virtual Local Area Networks
2.3 Edge Network Design
2.4 Core and Access Network Design
2.5 Network Security Design Considerations
3. Storage Network Recommendations
Appendix: document revisions
1. OnApp Deployment Types
OnApp Cloud is designed to be flexible and can be deployed to fit the needs of different types of environments.
1.1 Public Cloud Deployments
Public cloud deployments are the standard hosting-type cloud, where VMs are deployed with direct access to the Internet. In a public cloud, the infrastructure focus is on the edge network, and security is performed only at the edge. Private networking is for management only.
Hardware requirements may be lower, but not necessarily. The design is definitely less complicated, because fewer VLANs are required.
1.2 Private Cloud Deployments
Private cloud deployments are environments for internal (or secured) access only. Examples are development, QA, UAT/staging, or virtualized internal datacenters. These clouds will not typically have access to the public Internet and therefore will not normally have a public network segment. Private clouds will most likely be on site at an existing datacenter, or reached via a WAN link if hosted away from the end-users.
If hosted at a location remote from the end-users, the private cloud infrastructure will still have an edge network, but the router at this edge may simply have an IP to allow IPsec VPN, DMVPN, MPLS, or point-to-point connectivity to one or more sites. Security may or may not be important, depending on the security of the private network and where the end-users are located.
1.3 Hybrid Cloud Deployments
Hybrid clouds will exhibit features (and design) of both a private and public cloud infrastructure, so the design elements will include edge networking, security, and WAN connectivity. Virtualized datacenters, backup or DR virtual datacenters, and hosters seeking to provide advanced customer configurations will use hybrid clouds.
2. OnApp Cloud Infrastructure Design Recommendations
The cloud infrastructure enables your OnApp cloud deployment to function as advertised to your end-users. It is important to design the network and storage infrastructure according to best practices and OnApp recommendations in order to achieve the highest performance and eliminate single points of failure.
OnApp’s design recommendations in the following sections are to help you, our partner, to deploy OnApp clouds that are fast, dynamic, resilient, and generate revenue!
OnApp has compiled a list of recommended network hardware that is suitable for mission-critical cloud infrastructures. This is not an all-inclusive or exhaustive list and should be considered a guide, not an absolute.
2.1.1 Network Infrastructure Vendor Recommendations
Cisco
• Access Switches
  o Cisco Catalyst 2960 Gigabit Switches
  o Cisco Nexus 2000 10Gb Switches
• Core/Layer 3 Switches
  o Cisco Catalyst 3560 Gigabit Switches
  o Cisco Nexus 3000 10Gb Switches
  o Cisco Nexus 5000 10Gb Switches
• Storage Switches
  o Cisco Catalyst 2960
  o Cisco Nexus (Any Series)
• Security
  o Cisco ASA (Any model)
HP Networking (Procurve)
• Access Switches
  o 2510 or 2910al Gigabit Switch Series
• Core/Layer 3 Switches
  o 3800 Gigabit Switch Series
  o 5800 & 5900 10Gb Switch Series
• Storage Switches
  o 2510 or 2910al Gigabit Switch Series
  o 5800 10Gb Switches Series
Juniper
• Access Switches
  o EX2200 Series Gigabit Switches
  o EX2500 Series 10Gb Switches
• Core/Layer 3 Switches
  o EX4200 Series Gigabit Switches
  o EX4500 Series 10Gb Switches
• Storage
  o EX2200 Series Gigabit Switches
  o EX2500 Series 10Gb Switches
• Security
  o SRX Series Service Gateways
Dell Networking
• Access Switches
  o PowerConnect 5500 Series Managed Gigabit Switches
  o PowerConnect 8000 Series 10Gb Switches
• Core/Layer 3 Switches
  o PowerConnect 6200 & 7000 Series Switches
  o PowerConnect 8000 Series 10Gb Switches
  o Dell Force10 Series Switches
• Storage Switches
  o PowerConnect 5500 Series Managed Gigabit Switches
  o PowerConnect 8000 Series 10Gb Switches
  o Dell Force10 Series Switches
• Security
  o PowerConnect J-SRX Series (Juniper)
3. Examples of Network Infrastructure Vendor Recommendations
3.1 Dell Hardware recommendations
The following is an example of Dell hardware that would be suitable for OnApp infrastructure.
Note that all hardware is fully customisable so default OnApp requirements should be considered when purchasing hardware from Dell. A list of our minimum requirements can be found on the OnApp website: http://onapp.com/cloud/requirements/
Control Panel
• PowerEdge R410 Rack Server
• PowerEdge R420 Rack Server
Hypervisors
• PowerEdge R610 Rack Server
• PowerEdge R720 Rack Server
• PowerEdge R820 Rack Server
Backup Server
• PowerEdge R720 Rack Server
• PowerEdge R820 Rack Server
• PowerVault MD3200i/MD3220i
• PowerVault MD3600i/MD3620i
Dell Storage recommendations
Primary Storage
• PowerVault MD3200i/MD3220i
• PowerVault MD3600i/MD3620i
• EqualLogic PS4100
• EqualLogic PS6100
3.2 SuperMicro Hardware recommendations
Control Panel
Server: SYS-6016T-6F
CPU: 2x Intel® Xeon® processor 6 cores 5600/5500 series
Memory: 6x 4GB DDR3 1333 ECC Registered DIMM (Recommended 8GB Minimum for OnApp)
HDD: 4x 3.5" Cheetah 15K.7 SAS 6-Gb/s 300-GB Hard Drive RAID10
- Intel® Xeon® processor 5600/5500 series, with QPI up to 6.4 GT/s
- LSI 2008 8-Port 6Gbps SAS Controller; RAID 0, 1, 10; RAID 5 optional
- Integrated IPMI 2.0 with KVM and Dedicated LAN
- Dual Intel® 82574L Gigabit Ethernet
- 560W Gold Level Power Supply
- 1 (x8) PCI-E 2.0 slot
Hypervisors
Server: SYS-6026TT
CPU: 2x Intel® Xeon® processor 6 cores 5600/5500 series - per node
Memory: 12x 8GB DDR3 1333 ECC Registered DIMM - per node maximum (12-64 GB Recommended for OnApp)
HDD: 2x 3.5" Cheetah 15K.7 SAS 6-Gb/s 300 GB Hard Drive - per node (recommended RAID1)
- Intel® Xeon® processor 5600/5500 series, with QPI up to 6.4 GT/s
- LSI 6Gbps SAS 2108 w/ Hardware RAID via BPN-ADP-SAS2-H6iR; RAID: 0, 1, 5
- Integrated IPMI 2.0 with KVM and Dedicated LAN
- Dual Intel® 82574L Gigabit Ethernet Controller (Minimum 4 NICs recommended for OnApp)
- 1400W Redundant Power Supplies, Gold Level Certified
- 1 (x8) PCI-E 2.0 (low-profile) with riser card
Primary Storage
Storage Solution - MB: X8DTE-F w/ Chassis: SC836E16-R1200B
CPU: 2x Intel® Xeon® processor 6 cores 5600/5500 series
SAS RAID Card - SAS2LP-H8iR with LSI MegaRAID CacheCade Pro 2.0
Cache SSD: Intel 320 series, 80GB, SATA 3Gb/s, MLC, 2.5" 7.0mm, 25nm
Memory: 6x 4GB ECC Unbuffered DIMM, 1DPC 3 Channels per CPU
HDD: 2x 3.5" SEAGATE Seagate Constellation 100GB SAS 6GB/s 7.2K RPM 64M Cache Hard Drive
HDD: 14x 3.5" SEAGATE Seagate Constellation 500GB SAS 6GB/s 7.2K RPM 64M Cache Hard Drive
BBU: BTR-0018L-0000-LSI BATTERY BACKUP FOR SAS2108
- 3U Storage Chassis with optimised 16x HDD
- Intel® Xeon® processor 5600/5500 series, with QPI up to 6.4 GT/s
- Dual Intel® 82574L Gigabit Ethernet Controller (Recommend 4 NICs minimum for OnApp)
- Integrated IPMI 2.0 with Dedicated LAN
- Optimised for IO performance
- Expandable Storage Capacity with JBOD
- 1200W high-efficiency (1+1) redundant power supply (Gold Level 93%)
- Consider 2x the above specification if your storage software is capable of active/passive redundancy.
Backup Storage
Storage Solution - MB: X8DTE-F / Chassis: SC836E16-R1200B
CPU: 2x Intel® Xeon® processor 5600/5500 series
SAS RAID Card: 1x SAS 2.0 RAID Card - SAS2LP-H8iR
Memory: 6x 4GB ECC Unbuffered DIMM
HDD: 2x 3.5" SEAGATE Seagate Constellation 100GB SAS 6GB/s 7.2K RPM 64M Cache Hard Drive
HDD: 14x 3.5" SEAGATE Seagate Constellation 3TB SAS 6GB/s 7.2K RPM 64M Cache Hard Drive
BBU: BTR-0018L-0000-LSI BATTERY BACKUP FOR SAS2108
- 3U Storage Chassis with optimised 16x HDD
- Intel® Xeon® processor 5600/5500 series, with QPI up to 6.4 GT/s
- Dual Intel® 82574L Gigabit Ethernet Controller
- Integrated IPMI 2.0 with Dedicated LAN
- 1200W high-efficiency (1+1) redundant power supply (Gold Level 93%)
- Expandable Storage Capacity with JBOD
- Consider faster disks if within budget for optimal performance
Technical Presales Guidance for Partners| v1.0 | 25th June 2012
3.1 Virtual Local Area Networks
OnApp recommends the use of VLANs to segregate traffic in order to reduce network congestion, save IP space, and create logical security zones. At minimum, each of the following networks should be on a VLAN of its own:
• Management (Control Panel and Hypervisor server communication segment)
• Public IP space (Internet-facing network traffic)
• Storage (iSCSI, ATAoE, FCoE over routed or non-routed networks)
OnApp also highly advises a separate segment for backup traffic (if the backup device is also over routed or non-routed networks) as well as separate VLANs for private customer setups (to be covered later).
[Figure: OnApp Hypervisor Server connected to the Management VLAN, Public VLAN, Storage VLAN and Backup Device VLAN. Link labels: 10Gb or 4 x 1Gb recommended; 10Gb recommended.]
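A way to check a VLAN plan against the separation rules above before it is configured on the switches, as an added example that is not OnApp code. The role names, VLAN IDs and subnets in the sample plan are constructed, and the subnet-overlap check goes beyond what the text itself requires.

```python
import ipaddress

# Roles the guidance says must each have a VLAN of their own.
REQUIRED_ROLES = {"management", "public", "storage"}

def audit_vlan_plan(plan):
    """Return findings for a plan given as (vlan_id, role, cidr) tuples."""
    findings = []
    present = {role for _, role, _ in plan}
    for role in sorted(REQUIRED_ROLES - present):
        findings.append(f"no VLAN defined for {role}")

    # 802.1Q carries a 12-bit VLAN ID; 0 and 4095 are reserved.
    roles_by_vlan = {}
    for vlan, role, _ in plan:
        if not 1 <= vlan <= 4094:
            findings.append(f"VLAN {vlan} is outside 1-4094")
        roles_by_vlan.setdefault(vlan, set()).add(role)

    # A VLAN shared by two roles is not a separate segment.
    for vlan, roles in sorted(roles_by_vlan.items()):
        if len(roles) > 1:
            findings.append(f"VLAN {vlan} is shared by {', '.join(sorted(roles))}")

    # Overlapping subnets on different VLANs make routing and ACLs
    # between the zones ambiguous.
    nets = [(vlan, ipaddress.ip_network(cidr)) for vlan, _, cidr in plan]
    for i, (va, na) in enumerate(nets):
        for vb, nb in nets[i + 1:]:
            if va != vb and na.overlaps(nb):
                findings.append(f"{na} (VLAN {va}) overlaps {nb} (VLAN {vb})")
    return findings

# Constructed sample plan (private and documentation address ranges).
SAMPLE_PLAN = [
    (10, "management", "10.10.0.0/24"),
    (20, "public", "203.0.113.0/24"),
    (30, "storage", "10.30.0.0/24"),
    (30, "backup", "10.30.0.0/24"),         # backup rides the storage VLAN
    (110, "customer-a", "10.10.0.128/25"),  # collides with management
]

if __name__ == "__main__":
    for finding in audit_vlan_plan(SAMPLE_PLAN):
        print(finding)
```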
3.2 Edge Network Design
In cloud deployments, it is important that the edge network design is flexible and resilient for your customer base. OnApp recommends utilizing edge routers as the first entry point to your network. Circuit redundancy is recommended for optimal uptime. OnApp recommends separate inbound circuits fed from separate access switches from your Internet service provider. Router redundancy via the HSRP or VRRP protocols is also recommended to prevent a single point of failure at your router.
[Figure: edge network showing the Internet, two Edge Routers and the Untrust zone. Link labels: 1Gb; 2 x 1Gb.]
3.3 Core and Access Network Design
There are many methods for core and access layer networking. OnApp does, however, recommend the following:
• If using larger modular switches, use at least two chassis with identical port density to prevent a single point of failure at the network core.
• If using smaller switches, use pairs at each layer (edge, core, and access).
Since you will need to rely on VLANs, it is recommended that all switches be set up to pass 802.1q or ISL VLAN tags.
At your core switching/routing layer, only route “trusted” networks. These are networks such as out-of-band management devices, environmental devices, monitoring and console (KVM-over-IP) devices, and the OnApp management network segment.
[Figure: core and access network showing the DMZ-Services and Trust zones. Link labels: 1Gb; 10Gb; 10Gb XRRP.]
3.4 Network Security Design Considerations
If you are following the OnApp recommended network design, you’ll note the recommendation to have a router (or pair) at the edge and not a security device. The reasoning for this is that most security devices cannot do the following (or would require more expensive versions to do so):
• Blackhole denial-of-service (DoS) attacks efficiently
• Fully support BGP peering options
• Efficiently allow for routing of multiple IP ranges
This does not remove the necessity of having a security device, however. OnApp recommends that security devices be placed in the edge network behind your edge router(s). Your security device should be used to accomplish the following:
• NAT traffic from private network segments to public IPs
• Provide multiple security zones (DMZ) for your internet-facing services and/or customer-specific zones
• Block unauthorized entry to private or secured network areas via ACLs (access control lists)
• Optionally perform intrusion detection/intrusion prevention on selected network segments
Security devices should be sized to handle inspection of all Internet traffic and should be capable of handling the entire Internet bandwidth available.
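An added example, not OnApp or vendor code, of auditing a security device's rule list against the goal of blocking unauthorized entry to private segments. It assumes a simplified first-match ACL model, and the networks, zones and rules shown are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # source CIDR
    dst: str                    # destination CIDR
    port: Optional[int] = None  # None matches any port

def net(cidr):
    return ipaddress.ip_network(cidr)

def covers(outer, inner):
    """True if `outer` matches every packet that `inner` matches."""
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.port in (None, inner.port))

def exposed_rules(acl, protected, trusted):
    """Indexes of effective permits from non-trusted sources into protected nets."""
    hits = []
    for i, rule in enumerate(acl):
        if rule.action != "permit":
            continue
        # First match wins: a permit fully covered by an earlier deny never fires.
        if any(covers(e, rule) for e in acl[:i] if e.action == "deny"):
            continue
        src_trusted = any(net(rule.src).subnet_of(net(t)) for t in trusted)
        dst_protected = any(net(rule.dst).overlaps(net(p)) for p in protected)
        if dst_protected and not src_trusted:
            hits.append(i)
    return hits

# Constructed sample data: addresses, zones and rules are illustrative only.
PROTECTED = ["10.10.0.0/24", "10.30.0.0/24"]   # management, storage
TRUSTED = ["10.10.0.0/24", "10.99.0.0/24"]     # management, out-of-band
ACL = [
    Rule("permit", "0.0.0.0/0", "203.0.113.0/24", 443),  # 0: Internet to DMZ web
    Rule("deny", "0.0.0.0/0", "10.30.0.0/24"),           # 1: nothing into storage
    Rule("permit", "0.0.0.0/0", "10.30.0.0/24", 3260),   # 2: shadowed by rule 1
    Rule("permit", "192.0.2.0/24", "10.10.0.0/24", 22),  # 3: outside host to mgmt
    Rule("permit", "10.99.0.0/24", "10.10.0.0/24"),      # 4: out-of-band to mgmt
    Rule("permit", "0.0.0.0/0", "10.0.0.0/8", 80),       # 5: overly broad
]

if __name__ == "__main__":
    print(exposed_rules(ACL, PROTECTED, TRUSTED))
```

The shadow check is conservative: a permit that is only partly covered by earlier denies is still reported.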
4. Storage Network Recommendations
OnApp recommends a completely separate storage network infrastructure. Storage performance is paramount to cloud operations, and our recommendation comes from many support calls generated by non-optimal storage networking configurations.
For Fibre Channel, OnApp recommends 8Gb FC for optimal performance. Smaller environments can use 4Gb and even 2Gb, but as your environment scales out, you will encounter severe performance degradation as your overall available IOPS are consumed by a growing datastore and the hypervisors accessing it. OnApp recommends the use of redundant HBAs (host-bus adapters) on both the storage controller and the servers themselves, as well as MPIO (multi-path input/output) if available.
For iSCSI and any Ethernet-based transit, OnApp recommends using a separate switching infrastructure. OnApp recommends that the switches used for storage support jumbo frames (preferably 9000 byte jumbo frames). If a 1Gb fiber/copper infrastructure is used, OnApp recommends bonding NICs into no less than 4x1Gb, for optimal performance, on both the hypervisor servers and the storage controller. OnApp recommends the use of 10Gb networking with jumbo frames for storage operations.
Appendix: document revisions
V1.0 25th June 2012
• First release