2020数据中心解决方案

数据中心解决方案1目录数字化校园网数据中心带来的挑战2校园网建设正在发生变化……正由带宽、链路等“硬主题”向数据集中、数据整合、应用与管理智能等“软主题”迁移21世纪的大学需要新型的Web2.0的应用信息共享:blogs,wikis,RSS创建社区:提供学习互助改变大学传递教学内容的方式：网络内容自己创建应用的数字化：网络迎新系统、教务Web管理系统、办公自动化、电子邮件系统等344目前数据中心带来的挑战电源和制冷资产利用率统一管理维护安全威胁业务连续性电源和制冷资产利用率统一管理维护安全威胁业务连续性-灾备4OperationLimitsNewBusinessPressuresCollaborationEmpoweredUserSLAMetricsGlobalAvailabilityReg.ComplianceCollaborationEmpoweredUserSLAMetricsGlobalAvailabilityReg.ComplianceAddressingDataCenterChallengesCisco’sApproach•VirtualizedServers,•VirtualizedServers,Storage•FCoE,DCE,FC,IP•VSANs,IVR,VSS,VDC•VirtualContexts虚拟化VirtualizedServers,StorageFCoE,DCE,FC,IPVSANs,IVR,VSS,VDCVirtualContextsHardwarePlatforms

整合UnifiedFabric,I/OStorageandSANConsolidationCentralizedAppl’nSwitching

NextGenToolsProvisioningCMDB’sProcessAutomation自动化SimplifyEnvironments自动化SimplifyEnvironmentsEnablerof‘ServiceVelocity’ReducesRiskofOperatorErrorResults-Consistent,Repeatable▪ ▪ SimplifyEnvironments▪ Enablerof‘ServiceVelocity’▪ ReducesRiskofOperatorError▪ Results-Consistent,Repeatable目录数字化校园网数据中心带来的挑战数据中心解决方案思科数据中心创新产品6整合UnifiedFabric,整合UnifiedFabric,I/OStorageandSANConsolidationCentralizedAppl’nSwitchingHardwarePlatforms

NextGenToolsProvisioningCMDB’sProcessAutomationChangeMgmtVirtualizationVirtualizedServers,StorageFCoE,DCE,FC,VirtualizationVirtualizedServers,StorageFCoE,DCE,FC,IPVSANs,IVR,VSS,VDCVirtualContexts▪ SimplifyEnvironments▪ SimplifyEnvironments▪ Enablerof‘ServiceVelocity’▪ ReducesRiskofOperatorError▪ Results-Consistent,Repeatable•VirtualizedServers,Storage•FCoE,DCE,FC,IP•VSANs,IVR,VSS,VDC•VirtualContextsAutomationSimplifyEnvironmentsEnablerof‘ServiceVelocity’ReducesRiskofOperatorErrorResults-Consistent,Repeatable网络整合UnifiedFabric网管网络FE连接前端业务网GE连接

备份网络

UnifiedFabric存储网络接

后端集群IB连接UnifiedUnifiedFabric和统一I/O899减少了8%整个直流电源消耗快速部署新的减少了8%整个直流电源消耗快速部署新的应用，立即连接到所有网络-SAN,LAN,HPC.每个主机能够利用存储资源，提高磁盘存储和利用率Rack,Row,andX-DataCenterVMportabilitybecomepossible.应用整合－Service-OrientedArchitecture（SOA）面向服务的开发模式/架构带来的好处–分布式松耦合的结构–重复利用、资源共享–快速构建、灵活高效10感受由服务搭建的应用－MashupMarshupWeb应用程序可以是一个Web站点或者是一个应用，他将多个内容源内容集成，产生新的Web服务体验，例如Wikipedia主要借助于在线的网站服务和API.功能上可以不受任何Web浏览器的限制五花八门的Mashups应用mashupmashupmashup、新闻mashup演示站点()Mushup两个Web服务Craigslist（分类广告）andGoogleMaps11演示站点()12使用SOAandWebServices带来的挑战内容抽取内容安全内容抽取内容安全格式校验格式转换需要对XML换等，大大增加了服务器的负担流量增大、跨广域网带来应用响应性能问题新的专注于内容安全攻击BusinessprocessingBusinessprocessingCostofMessageProcessingOSAppServerBusinessprocessingBusinessprocessingCostofMessageProcessingOSAppServerMessageProcessingOSAppServerMessageProcessingCPUUsageFew ManyNumberofEnd-points13Web2.0/SOA 应用整合Web2.0,WebServiceIntegrationWeb2.0,WebServiceIntegration

NetworkFirewall

XMLWebServicesAwareApplicationsACEXMLXMLWebServicesAwareApplicationsManagerExternalXMLWebServicesConsumers

ACESwitches

ACEXMLGateway

Portal

ACEXMLGateway

IdentitySystems

ACEXMLGatewayXMLAcceleration&OffloadPerimeterSecurity（应用层防火墙）XMLAcceleration&OffloadPerimeterSecurity（应用层防火墙）Parsing

SchemaValidation

XPathFiltering

XML

SignatureVerification

XML

XMLSigning

XMLEncryption14应用整合服务控制引擎（ACE）模块课件视频点拨

16GCisco6500/7600ACE16GCisco6500/7600ACE模块 服务器可灵活的部署在企业数据中心任何位置都能获得ACE提供的负载均衡、冗余和应用优化服务15应用安全整合 黑客今天攻击的关注点CustomWebApplicationsCustomizedPackagedAppsInternaland3rdPartyCodeBusinessLogic&Code75%ofAttacksFocusedHereCustomWebApplicationsCustomizedPackagedAppsInternaland3rdPartyCodeBusinessLogic&CodeNetworkFirewall

IDSIPSNetworkOperatingSystemsOperatingSystemsNetworkOperatingSystemsOperatingSystemsOperatingSystemsDatabaseServersApplicationServersWebServers投资比例失衡：75%的投资只能防止25%安全脆弱性16OWASP-2007TopTenAttackList两个知名的Web应用安全组织WASC = WebApp SecurityConsortiumOWASP=OpenWebAppSecurityProjectSource:WhiteHatSecuritySource:WhiteHatSecurity17我国的Web网页被黑统计国家计算机网络应急技术处理协调中心（CNCERT/CC）统计:2008年上半年我国国内网站被黑被篡改的统计图在1月－7月内仅发现的被篡改的网站就多达41,000多个，平均每天就有近200个网站被篡改，这真是一个惊人的数字。/showContent_13257.htm18ACE XMLGateway应用层防火墙ThreatProtectionExtensiveThreatSignaturesHTTPInputNormalizationApplicationCloakingEncrypted&TamperproofCookiesSSLclientandserverdecryptionDataoverflowprotectionDataTheftPreventionCustomerrorremappingEgresscontentrewriteWebService-securityXMLdenialofserviceContentscreeningXMLattackdetectionAttachmentanti-virusroutingPrivacyenforcementUsabilityPowerfulyetsimpleGUISeamlessSignatureUpdatesHuman-assistedsitelearningMIB&StatisticsInstantalertingandreportingChangecontrolandauditlogExtensiveSecurityLogging

ACEXMLAddressesAllKeyPCIRequirementsAddressesAllKeyPCIRequirements19整合UnifiedFabric,整合UnifiedFabric,I/OStorageandSANConsolidationCentralizedAppl’nSwitchingHardwarePlatforms

NextGenToolsProvisioningCMDB’sProcessAutomationChangeMgmt虚拟化VirtualizedServers,StorageFCoE,DCE,FC,虚拟化VirtualizedServers,StorageFCoE,DCE,FC,IPVSANs,IVR,VSS,VDCVirtualContexts▪ SimplifyEnvironments▪ SimplifyEnvironments▪ Enablerof‘ServiceVelocity’▪ ReducesRiskofOperatorError▪ Results-Consistent,Repeatable•VirtualizedServers,Storage•FCoE,DCE,FC,IP•VSANs,IVR,VSS,VDC•VirtualContextsAutomationSimplifyEnvironmentsEnablerof‘ServiceVelocity’ReducesRiskofOperatorErrorResults-Consistent,RepeatableVoVSANsVirtualVLANsStorageVirtualizationServerVirtualization网络的虚拟化VoVSANsVirtualVLANsStorageVirtualizationServerVirtualization网络的虚拟化VLANs,FCoE,QOS,ACLabstractionsPolicychangesbasedonI/OutilizationVirtualpatchpanelsNetworkVirtualizationIP/NetworkVirtualizationIP/VPNsIP/VPNs存储的虚拟化ResourceconservationofArrayportsImproveddatamgmt.&complianceServertostorageI/OtroubleshootingNetworkVirtualization服务器的虚拟化BaremetalmobilitybetweenclustersVMmobilitybetweenclustersImprovedcapacityutilizationServerVirtualizationVLANsAppOSVirtualI/OMaAppAppAppAppOSOSOSOSHypervisorStorageVirtualizationVSANsVo21VirtualServers/Machines数据中心的虚拟化VirtualServers/MachinesApplication1Application2Application1Application2VirtualServers/MachinesVirtualLANsVLAN2VLAN3VLAN1VirtualNetworkServicesVirtualFirewallContext1Virtual VirtualSLB SSLContext 2 3VirtualSANSVSAN3 VSAN1VSAN2VirtualStorageVirtualStorageVirtualLANsVLAN1VLAN2 VLAN3VirtualSANSVirtualStorageVirtualLANsVLAN1VLAN2 VLAN3VirtualSANSVSAN1VSAN2 VSAN3DeviceLevelVirtualizationtoVirtualServicesVirtualNetworkServicesPhysicalBlade

VFrameEnabledServiceOrchestrationCreatinganEnd-to-EndVirtualService22网络虚拟化的最新发展虚拟交换系统（VirtualSwitchSystem）思科最新技术虚拟交换系统（VSS）虚拟交换系统VSS指两台最高端的交换机Catalyst6500通过特殊技术合并为一台交换机各种协议身份都是作为一台看待，包括配置界面虚拟交换系统VSS指两台最高端的交换机Catalyst6500通过特殊技术合并为一台交换机、端口聚合、主控引擎切换……23网络虚拟化的最新发展虚拟交换系统（VirtualSwitchSystem）Before AfterSi Si Si Si Si SiSi Si

Loop-freetopologyNoneedSTPNoHSRP/VRRP1nodetomanageAlllinksactiveSi Si

Si

InternetWANSi SiInternetWANWAN

Data

Internet

WAN

Data

Internet24网络虚拟化的最新发展虚拟交换系统（VirtualSwitchSystem）之VDCVirtualSwitchingSystem(VSS)-Catalyst6500 VirtualDeviceContext(VDC)-Nexus7000Manyto1Virtualization

1toManyVirtualizationVSSUnifiedControlPlane

VDCIsolatedControlPlane25应用虚拟化举例虚拟防火墙、虚拟IDS举例虚拟虚拟虚拟虚拟虚拟虚拟虚拟虚拟虚拟防火墙模块虚拟虚拟虚拟虚拟虚拟防火墙 虚拟IDS26应用虚拟化举例虚拟ACE负载均衡模块部署调度一个虚拟的设备，而非物理设备无需漫长的采购周期无需繁复的设备安装、线路调整、接口划分……数分钟内完成新设备的部署

的进行管理的权限每个业务部门可以部署自己的策略减少的复杂的部门沟通和交叉故障27应用虚拟化举例虚拟ACE负载均衡模块OnlineBusinessApplication

MicrosoftOutlookApps

Oracle

Cisco6500/7600ACE模块BusinessAppsVirtualMachinesBusinessApps物理上不做任何改变

BusinessApps

Oracle

MicrosoftOracle Microsoft28存储的虚拟化服务VSAN应用系统虚拟化环境应用系统虚拟化环境回迁迁移FC备份系统FC生产数据跨存储的无中断迁移LeaseRoll-overSeamlesslyupgradestorageReconfigurestoragetomeetSLAobjectivesDataCentermigration/additions生产系统29存储的虚拟化服务一体化交换架构（UnifiedFabric）下的VM虚拟化Enablesconvergenceofmultipletraffictypes–VirtualMachinesLAN–VirtualMachinesSAN–HypervisorMgmtLAN–VirtualInfrastructureServicesLANScalesVMLANperformance–IncreaseI/Obandwidth–IncreaseVMdensityAcceleratesVirtualInfrastructureServices–LiveVMmigrationsviaVMotionandDRSfeatures–Enableadditionalservices

LAN

LAN

SANAVMotion

SANB10GbE10GbEDCEFibreChannel10GbEFCoE/DCENuovaSystemsInc. 30整合UnifiedFabric,I/O整合UnifiedFabric,I/OStorageandSANConsolidationCentralizedAppl’nSwitchingHardwarePlatforms

NextGenToolsProvisioningCMDB’sProcessAutomationChangeMgmt虚拟化VirtualizedServers,StorageFCoE,DCE,FC,虚拟化VirtualizedServers,StorageFCoE,DCE,FC,IPVSANs,IVR,VSS,VDCVirtualContexts▪ SimplifyEnvironments▪ SimplifyEnvironments▪ Enablerof‘ServiceVelocity’▪ ReducesRiskofOperatorError▪ Results-Consistent,Repeatable•VirtualizedServers,Storage•FCoE,DCE,FC,IP•VSANs,IVR,VSS,VDC•VirtualContexts自动化SimplifyEnvironmentsEnablerof‘ServiceVelocity’ReducesRiskofOperatorErrorResults-Consistent,Repeatable今天采用VFrameDC以服务的观点为物理资源分类用标准化的架构模板确保设计的一致性为Serer虚拟化环境提供自动化的管理Reducebreak-fixserversupportcostswithrapidrecoveryfromsharedpoolRecoverfailedservicewithrapidlocaldisasterrecoveryProvidepolicy-baseddynamiccapacityon-demandforapplicationsPolicyVFrameDC

ServerServiceViewSlowapplicationperformanceHypervisorSlowapplicationperformanceHypervisorTraditionalsilos32HypervisorSAN NASHypervisorStorageServiceView

XXXV V V V VVV V V V VVApplicationService1

ApplicationDegradationorFailureRapidlyconfigurenewapplicationenvironment数据中心愿景：应用部署的自动化（举例）今天:需要部署一个企业的服务网络管理员确保访问路由可指向新的服务器安全管理员检查安全策略,增加防火墙的可通过的端口地址负载均衡管理员把新的服务器加入到服务器群组中网络管理员连接以太网,配置VLAN及端口的相关设置系统管理员安装新的服务器安装O/S,补丁及应用系统存储管理员配置LUN,映射至服务器存储管理员规划磁盘卷及相关资源

假设我们需要增加一台服务器到Web服务器群组…Thechallengeisoneof‘coordinationdelays’.Thistypeofsimplescale-outofanexistingserveoftentakesenterprises90-days.Newserviceturn-ups,after