data center and network planning and services mark redican iet ccfit update feb 13, 2012

Data Center and Network Planning and Services

Mark Redican

IET

CCFIT Update Feb 13, 2012

Faculty/Research Computing Support Services

• Windows, Mac, & Unix/Linux Server Administration and consulting– Databases, web services, etc.

• Workstation & Mobile Device Support• Desktop/Laptop Management• Software/Hardware Installation• Backup & Data Recovery• Cyber-Safety Evaluation, Compliance & Reporting

Faculty/Research Computing Support:When & Where IET Services Make Sense

• Identifying effective solutions and quantifying true costs when creating proposals.

• Server configuration at the start of a project.• Providing systems administration and desktop support

for the duration of projects.– Service Level Agreements for on-going system

management and support.– Ad-hoc support can augment departmental or other

support resources.

Faculty/Research Computing Support:When & Where IET Services Make Sense

• Forensics and Malware Removal

• Secure PC and Server Configuration

• Software & Hardware Installation

• Hardware Repair

• Laptop Loaner Service

• Technical Consulting

Infrastructure Computing Services

• Co-location Services

• Virtual Server Hosting

• Network Administration

• High speed networking – Optical, 10 Gig Ethernet– Research Network

• Firewall & VPN Services

• Technical Consulting

Infrastructure Computing Services :When & Where IET Services Make Sense

• Proper server room space is unavailable or too costly to maintain.

• Offload server hardware management.• Development servers or short term computing needs.• Offload firewall and VPN hardware and service

management.• Network performance tuning.• Research partnerships

– Sanitized network data– Managed access to network infrastructure

Data Center Project

• Build, buy or lease a permanent data center

• Joint facility – UCD and UCDHS

• Modern, energy efficient space – 30,000+ sq ft– Build out in phased manner

– Supports all flavors of computing resources

• Decommission ad hoc server rooms on campus

• Consultant hired – recommendations being developed

Data Center Expansion to Quest

• Provost approved funding for Quest

• Quest is a tier III colocation facility at McClellan BP

• Interim space until permanent data center on-line

• 800 sq ft – 30 racks

• 800 sq ft expansion option

Data Center Expansion to Quest

• Space available at Quest - April 2012

• Expect first compute load May 2012

• May 2012 – June 2013 move DC equipment– Majority moved by January 2013

– Vacated space available for research computing

– Project subsidizing co-location costs

• January 2013 and on move department equipment

Strategy

• Virtualize majority of systems (500 pieces of equipment)

• Hire 1-2 contract FTE to assist transition

• Purchase second SAN

• Purchase additional VM blade chassis

• Move services at virtual layer

Benefits of Strategy

• Risk mitigation – VM migrations

• Ongoing replication of data between sites

• Virtualization good– Cost effective– Reduced footprint– Reduced energy consumption

Networking

Departmental Co-location

• Some space at Quest is identified for departmental co-location

• Campus server consolidation efforts– Minimize investments in ad hoc server rooms– Service Consolidation– Server Virtualization– Co-location

Costs

• Campus is funding most of Quest

• No additional costs passed on to clients

• Similar costing to existing co-location rates – No co-location fees for research computing

• Off site SAN replication will be part of most basic services

• Addresses need for reliable facility, additional space and disaster recovery

Campus IT Initiatives

• Data Center• Centralized Security• Centralized E-mail / Unified Communications• Enterprise Active Directory

• Opportunity to restructure the campus network and network management

Campus IT Initiatives

• Data Center– Joint Data Center w/ UCDHS– Build/Buy/Lease modern facility– Quest, Campus Data Center for interim needs

Campus IT Initiatives

• Centralized Security– Sustainable funding for existing services– Centrally managed firewalls– Identity and access management

• Centralized E-mail / Unified Communications– uConnect/Office 365– Davismail– Lync/UM

Campus IT Initiatives• Enterprise Active Directory

– Consolidate DNS, Kerberos, LDAP– Certificate services– Network access control– BigFix

• Asset, patch and energy management– Anti-virus management– Sharepoint document management– Business applications (.NET)

Example: Dept. VLAN

Servers

CENIC/Internet

End-Users

Core/Area Routers

Building Routers

EthernetSwitches

VLANs span network core

Dept. ManagedDHCP

Static DNSIP based security

Dept Firewall

Campus Network Future State

Servers (DMZ)

CENIC/Internet

End-Users

Core/Area Routers

Building Routers

EthernetSwitches

Data Center

HPC

Servers (Data)

Firewalls

User Firewalls

GenericUser VLANs(Dynamic)

IP Core & Services

Centrally ManagedDHCP

Dynamic DNS802.1xCerts

Identity based security

Questions

• Thank You