1. Problems facing the traditional IT architecture
With the rapid development of business systems, the IT architecture has become the infrastructure on which those systems depend. Rapid deployment, lower investment and flexible expansion are increasingly important. Cloud computing provides available, convenient, on-demand resources and has become a mainstream approach to building IT architecture. Many new systems are built on the cloud model, and a large number of existing business systems are being migrated to cloud computing environments.
After years of rapid development, server virtualization has matured and has been accepted and applied in more and more fields. It effectively reduces hardware procurement costs and improves resource utilization and availability, while greatly improving operation and maintenance efficiency and easing the pressure on IT construction. Although the spread of server virtualization has changed how applications are deployed and managed, the network and storage that connect all of these dynamic virtual machine workloads lag far behind:
Network deployment is still extremely slow; even a simple topology change can take days or weeks;
Storage provisioning is still extremely complex; administrators need to learn a good deal of related technology to manage volumes.
Such an IT architecture, even one that has implemented server virtualization, cannot meet the various needs of moving to the cloud and faces the following challenges:
·Tightly coupled business and architecture
Traditional data center services are built in partitioned domains, usually with the POD (the data center's standard access unit) as the unit of IP address planning: one POD uses one network segment, and the same kind of business is planned and deployed within it. This domain-based plan is clear and easy to maintain, but its weakness is that business expansion is constrained. For example, service A is deployed in POD A; if POD A has no space left, the service cannot be expanded there and must be deployed in other racks. POD A then needs Layer 2 trunk connectivity to the TOR switches of those racks, which requires a lot of network configuration changes. As a result, business and architecture are tightly coupled, and once the business changes, the physical architecture has to be adjusted accordingly.
·The traditional architecture restricts East-West traffic
The traditional architecture treats the core switch as the critical point and as the boundary between the Layer 2 and Layer 3 networks. The core switch is the Layer 3 environment and mainly handles North-South data flows. Below the core switch, because virtual machines are used on a large scale, traffic is predominantly East-West, virtual machine migration in particular. In addition, a virtual machine must keep its IP address, MAC address and other parameters unchanged after migration, which can only be achieved in a Layer 2 environment.
·The hardware specifications of network devices limit the size of the business system
In a virtualized environment with large-scale virtual machine deployment, the MAC address table size of the physical switches (typically 8K/16K entries for a traditional access switch and 128K/250K per slot for a core switch) limits the number of virtual machines. The access switch in particular has the smaller MAC address table, which seriously limits the business scale of the data center's whole Layer 2 environment.
·Unable to accommodate large-scale tenant deployments
When the network carries a large number of tenants or a large amount of business, network isolation is very important. The current mainstream Layer 2 isolation technology is VLAN, but it is subject to many restrictions when deploying a large number of tenants or services.
·Limitations of traditional security deployment patterns
Security in a traditional business system is deployed along the traffic path, according to the deployment topology: VLANs, IP addresses and traffic-steering policies are configured manually according to business requirements. If the business changes, the security policy has to be reconfigured.
In addition, traditional security policies are deployed on physical hardware, and most deployments are implemented as add-on patches. In the early stage, when business volume is small, device utilization is low and resources are wasted; later, as business volume grows, performance may become insufficient. The performance of security devices cannot be dynamically extended, nor resources released, according to business requirements.
2. Hyper-converged architecture overview
The hyper-converged architecture solution integrates four modules (computing, networking, storage and security) and builds an IT resource pool through full virtualization. All module resources can be deployed on demand, scheduled flexibly and extended dynamically. Using the hyper-converged appliance or the hyper-converged operating system, existing older hardware can be put to full use and business systems can be migrated to the hyper-converged platform safely, stably and efficiently in the shortest possible time. This lays the foundation for a later transition to a private cloud platform with functions such as multi-tenant management, billing and auditing.
The software architecture of the hyper-converged solution consists mainly of three components (server virtualization aSV, network virtualization aNet and storage virtualization aSAN) and one management platform (the virtualization management platform, VMP). On the hardware side, the infrastructure can run on an all-in-one appliance or on general-purpose x86 servers. With traditional campus network switches (provided backplane bandwidth and switching capacity are sufficient), the entire platform can be built without any complex data center switches.
Figure: panorama of the hyper-converged architecture
Hyper-converged architecture layer
The hyper-converged architecture takes server virtualization as its foundation and extends it with network virtualization and storage virtualization. Business logic can be built quickly by drawing it, virtual resources can be scheduled dynamically and expanded flexibly, and traffic across the whole network is visible. Configuration is simple and visual, and operation and maintenance are flexible and convenient.
Figure: the drawn business logic
Figure: full network traffic visibility view
Overview of Server Virtualization (aSV)
The aSV virtualization platform is a software layer between the hardware and the operating system. Using a bare-metal x86 virtualization architecture, it abstracts the server's physical resources: CPU, memory, I/O and other physical resources are turned into a set of logical resources that can be managed, scheduled and allocated. On top of these logical resources it builds multiple isolated virtual machine execution environments that run simultaneously on a single physical server. This gives higher resource utilization and meets applications' needs for more flexible dynamic resource allocation, such as live migration and HA (high availability), and brings lower operating costs, greater flexibility and faster service response.
Overview of Network Virtualization (aNet)
By providing a new way of operating the network, aNet network virtualization solves many problems of managing, operating and maintaining traditional hardware networks, and helps data center operators increase agility and economy by several orders of magnitude.
The aNet solution combines network virtualization with aSV server virtualization. Between the virtual machines and the physical network it provides a complete set of logical network devices, connections and services, including the distributed virtual switch aSwitch, the virtual router aRouter, the virtual next-generation firewall vNGAF, virtual application delivery vAD, virtual SSL VPN vSSL, virtual WAN optimization vWOC and other virtual network and security devices. It also supports the VXLAN enhanced network protocol, to integrate seamlessly with the physical network and simplify network configuration management. In addition, the virtualization management platform provides network management functions such as network topology deployment and network fault detection.
aNet can therefore quickly complete network deployment for different application systems, adjust network configuration automatically and troubleshoot the network. This improves the efficiency of network operation and maintenance, speeds up network readiness and expansion, and reduces the cost of building the data center's physical network.
Overview of Storage Virtualization (aSAN)
aSAN storage virtualization is cluster-based: it organizes the hard disk space on the servers into a unified virtual shared storage pool, a ServerSAN distributed storage system that provides highly reliable, high-performance data storage. Functionally, the distributed storage system is the same as standalone shared storage. Each piece of data is stored on the hard disks of several different physical servers to improve data reliability. In addition, an SSD cache can significantly improve the I/O performance of the servers' hard disks, giving high-performance storage. And because storage and computing are fully integrated on one hardware platform, users do not need to buy the SAN network devices (FC SAN or iSCSI SAN) usually used to connect computing servers and storage devices.
Overview of Network Function Virtualization (NFV)
Software-defined networking has become the trend of technology development, and the full range of data center security and optimization products (NGAF next-generation firewall, SSL VPN, AD application delivery, WOC WAN optimization) has been launched as software virtualization solutions, a first in the domestic market. Products that in the past had to be deployed as dedicated hardware no longer depend on it: they are delivered as software images and fully support deployment in VMware, KVM and Xen server virtualization environments. This simplifies the network architecture of an e-government cloud data center, allows the various security and optimization solutions to be expanded virtually and applied flexibly for individual virtual tenants, and makes it easier to divide operation and maintenance responsibilities clearly among the parties.