Data Center Virtualization

Successfully Scale Server Virtualization

What You Will Learn

Virtualization enables businesses to break free from inflexible infrastructure layers and become more agile. It allows businesses to avoid high capital costs and implement a cost-effective data center environment. It helps promote business innovation through faster workload delivery, service creation, and application availability. Virtualization also helps eliminate silos, sprawl, and manual operations. Virtualization has begun a revolution in the data center, but to achieve the full benefits, businesses must take a holistic approach and extend the concepts of virtualization beyond just the server.
Although server virtualization can provide many benefits, it also challenges the way that IT works. On-demand, just-in-time IT resources and the capability to dynamically and virtually scale resources to meet sudden bursts in business demand are now a reality, and the abstraction that virtualization provides brings enormous possibilities to the server layer as well as the overall data center. However, although implementing server virtualization in a pilot project or on a small scale can easily be accomplished with the current IT methods, large-scale virtualization, in which the virtualized data center becomes the default operating environment, requires a new approach to IT. Virtualization affects all of IT; it is not just about the server.
Businesses face many challenges as they move toward virtualization. Through many years of effort transforming its own environment and helping some of the world's largest organizations virtualize theirs, Cisco has identified the main obstacles that must be addressed as part of any successful strategy:

• Inflexible, monolithic infrastructure

• Management complexity

• Organizational silos

Virtualization-Optimized Infrastructure

As previously noted, server virtualization can easily be implemented on existing IT infrastructure that was not originally intended to support virtualization. However, a truly scalable strategy that will support virtualization as the default operating environment needs an approach that was designed with virtualization in mind. The infrastructure must support two central aspects of virtualization: shared infrastructure and the highly dynamic nature of virtual machine environments.
Data centers and the underlying infrastructure have traditionally been built around a single application running on a single server connected to a single switch port. Virtualization requires a different model, with multiple applications now being hosted on a single server and sharing traffic over a single link connected to a single switch port. Systems not intelligent enough to work at the virtual machine level, with the capability to distinguish traffic flows, will have difficulty applying network policies such as quality of service (QoS) and VLAN association and enforcing security. One additional challenge with any kind of policy enforcement in a virtualized environment is that traffic can flow between virtual machines on the same server and completely bypass the traditional policy enforcement points such as switches or firewalls. The inability to distinguish traffic on shared infrastructure also complicates management, operations, and troubleshooting. For example, traditional implementations of common tools such as Remote Switched Port Analyzer (RSPAN) and NetFlow cannot easily provide virtual machine-level detail, slowing root-cause analysis and resolution. Further, these challenges affect both data and storage traffic.
The infrastructure must also support the dynamic nature of virtualization. Virtual machines can be brought up and taken down much more quickly than physical servers. Although the tasks to bring up a physical server are similar to those for a virtual server, the rate at which virtual machines are created and destroyed can create operational stresses unless the infrastructure has some inherent intelligence and automation to help manage the pace. Also, unlike physical servers, virtual servers and their workloads move across machines and even across data centers. Again, intelligence and orchestration within the infrastructure are needed to manage virtual machine mobility.
While most servers can successfully support server virtualization, certain attributes make a platform especially well suited for server virtualization. These attributes include a policy-driven configurability to quickly adapt to the requirements of new virtual machines, high-bandwidth I/O with detailed control and large-memory options to support higher levels of virtual machine density, and sophisticated networking to meet the unique needs of virtual machine environments.

What Cisco Offers

Cisco provides a number of technologies that can be deployed individually or in concert to deliver data center infrastructure that is optimized for virtualized environments.

Virtual Machine-Optimized Networking

As already noted, a shared infrastructure is needed that still provides the appropriate level of granularity and control. To address this need, Cisco offers the following:

• Cisco Nexus® switches and Cisco Unified Computing System (Cisco UCS) platforms are all built to use 10 Gigabit Ethernet to provide ample raw bandwidth for dense virtual machine deployments. The bandwidth can be dynamically and flexibly managed with QoS policy to help guarantee bandwidth to priority workloads while also helping ensure that overall bandwidth is efficiently used and not wasted.

• The Cisco Nexus 1000V Switch acts as a hypervisor-based IEEE 802.1Q switch in VMware vSphere environments and provides virtual machine-level granularity for the application of network policy, such as VLAN membership or QoS policy. It also provides virtual machine-level visibility with established tools such as RSPAN and NetFlow so that problem identification and resolution is no different in a virtual environment than it is in a physical environment. Because it is hypervisor based, the Cisco Nexus 1000V acts as a control point for traffic moving between virtual machines on the same host that would not be visible to physical switches.

• Cisco offers the capability to create and apply both security and Layer 4 through 7 services with virtual machine-level granularity. Cisco® Virtual Security Gateway (VSG), which works with the Cisco Nexus 1000V, is a zone-based firewall that can enforce policy at the virtual machine level. Similarly, Cisco Virtual Wide Area Application Services (vWAAS) is a virtual implementation of the Cisco WAAS WAN optimization appliance and can apply policy with per-virtual machine control.

• Cisco supports the IEEE 802.1Qbh standard, which provides an alternative method of networking virtual machines. This standard provides hardware-based switching by virtually connecting each virtual machine to a virtual port on an upstream Cisco Nexus switch. This approach provides the same granularity and transparency as with the Cisco Nexus 1000V.

Figure 1. Nexus 1KV Virtualized Switching

Cisco also addresses the dynamic nature of the virtualized environment. Cisco's policy-based management helps reduce or eliminate the operational churn associated with the rapid provisioning and deprovisioning of virtual machines, as will be discussed later in this document. Cisco also supports live migration - the movement of a running virtual machine between servers - with a number of technologies:

• For migration within a data center, Cisco Nexus switches support Cisco FabricPath, a prestandard version of TRILL, which allows all the servers within a given virtual machine cluster to exist in the same Layer 2 domain.

• For movement of virtual machines between data centers, Cisco offers several options. Cisco Overlay Transport Virtualization (OTV) and Cisco Locator/ID Separation Protocol (LISP) allow you to migrate virtual machines across data centers. These technologies can be used independently or in conjunction with each other; the appropriate technology depends on the application and workload requirements.

• The network policy maintained by the Cisco Nexus 1000V, the security policy maintained by Cisco VSG, and the WAN acceleration policy maintained by Cisco vWAAS stay intact during live migration, so that policy compliance is maintained regardless of where the virtual machine is running.

Virtual Machine-Optimized Storage

Cisco offers several features to optimize storage networking capabilities for virtual machine environments with virtual machine-level granularity and transparency similar to that for data networking solutions:

• Each virtual machine's virtual host bus adapter (vHBA) can acquire its own Fibre Channel identifier (FC-ID) through N-port ID virtualization (NPIV).

• Attributes such as VSAN membership, zoning, QoS, and logical unit mapping can be assigned with virtual machine-level granularity.

• Each vHBA's port World Wide Name (WWN) remains intact across migration events.

• Fabric login status, location, and performance metrics can all be monitored for each virtual machine. Similarly, troubleshooting tools such as Fibre Channel ping and Fibre Channel traceroute can operate with the same granularity.

• One of the benefits of unified fabric is that every port offers a consistent and ubiquitous set of features and capabilities, so regardless of where a virtual machine migrates within the data center, it will continue to have access to its storage resources.

In addition, Cisco has partnered with storage industry leaders EMC and NetApp to address the most demanding storage and virtualization needs.

Figure 2. Cisco Unified Compute System

Virtual Machine-Optimized Server Platform

Cisco UCS is a next-generation data center platform that unites computing, networking, storage access, and virtualization resources into a cohesive system that is ideal for virtualized environments:

• The unified fabric that is integral to Cisco UCS delivers consistent and ubiquitous network and storage services to any blade. Additionally, Cisco UCS can dynamically deliver up to 40 Gbps of bandwidth to any blade to support even the highest levels of virtual machine density.

• Integrated management and service profiles create a stateless computing environment, so any blade can be quickly adapted to support any workload.

• The patented Cisco Extended Memory Technology supports 394 GB of RAM on a two-socket platform to allow extremely high virtual machine density on a single server blade.

• Sophisticated virtual machine-specific I/O technologies such as IEEE 802.1Qbh and NPIV meet the data and storage networking requirements.

Figure 3. Cisco Virtual Adapter Technology

Simplified Management and Operations

As previously discussed, virtualization can increase operational demands on IT because of the rate at which new virtual machines can be brought up and taken down. Live migration also typically requires IT support to remap security policy, storage access, etc. as the virtual machine moves. One additional complication is that with certain hypervisor features, virtual machine migration may be automated, not manually initiated. As a result, either these (often attractive) features cannot be used, or best-practice designs must be compromised to support these features, which can further increase operational complexity. When virtualization is in pilot mode, or when only a small percentage of the production workload is virtualized, the additional operational burden is manageable; however, at higher levels of virtualization, the amount of manual operations becomes untenable. Because of this, an effective operational framework not only provides virtual machine-level granularity and visibility but also provides a significant degree of automation.

What Cisco Offers

A major focus of Cisco's strategy is to take advantage of automation and intelligence in the infrastructure to reduce or eliminate much of the operational overhead associated with virtualized environments. This goal is accomplished mainly through policy-based models:

• The Cisco Nexus 1000V establishes a secure link with VMware vCenter. When a network administrator creates network policies (for example, VLAN ID and QoS) for a type of virtual machine (web server, database application, marketing department application, etc.), the policies automatically show up as port groups in VMware vCenter. The server administrator simply associates a virtual machine with the port group. When the virtual machine is powered up, the network policy is automatically applied. When VMware vMotion migration is initiated, either manually or automatically, VMware vCenter communicates this event to the Cisco Nexus 1000V, which helps ensure that the network policy moves with the virtual machine.

• Cisco VSG applies security policy using a similar model. The security administrator creates policy that the server administrator can access and apply to a virtual machine through VMware vCenter. The security policy also stays intact during VMware vMotion events. Similarly, Cisco vWAAS provides automated Cisco WAAS policy for virtual machines.

• For long-distance virtual machine migration using Cisco OTV, after performing the initial configuration, the network administrator does not have to be involved for specific migration events - the network will automatically create and tear down connections as needed.

• On the Cisco Nexus 1000V, standard tools such as NetFlow and SPAN offer virtual machine-level granularity. Management platforms such as Cisco Data Center Network Manager and Virtual Network Management Center are designed to provide visibility down to the virtual machine level.

Organizational Evolution

At some point, businesses must adapt their organizational structure to address the changes resulting from virtualization. The dynamic nature of virtualized environments demands a higher level of collaboration across the IT department. Currently, server administrators often end up administering other IT resources, such as network and security resources - a situation that often is not ideal.

What Cisco Offers

Cisco supports organizational evolution by allowing the IT teams to work in a loosely coupled manner and by allowing teams to continue to use the tools with which they are already familiar:

• With policy-based management, after the policies are created, the server administrators can access them as needed so they have agility and flexibility while still maintaining compliance with best practices for network policy, security policy, etc.

• Cisco's approach is nondisruptive: administrators continue to use the tools they already use. For example, server administrators continue to use VMware vCenter to access and apply policies. Similarly, network administrators can manage the Cisco Nexus 1000V just like any other Cisco Nexus switch.

• Cisco offers professional services to help customers align organizational structure and capabilities with IT strategy.

Conclusion

The benefits of virtualization are clear, but the challenges can be daunting. Cisco, with its abundant experience, technical leadership, and strong partner ecosystem, is uniquely positioned to help any enterprise reach its full technological potential.

For More Information

For more information about any of the technologies or services mentioned in this document, please visit http://www.cisco.com/go/virtualization.