cloud infrastructure and services version 2 - lab
Post on 25-Dec-2015
EMC2 PROVEN PROFESSIONAL
Cloud Infrastructure and Services Version 2
Lab Guide
October 2014
Copyright
Copyright © 1996, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC2, EMC, Data Domain, RSA, EMC Centera, EMC ControlCenter, EMC LifeLine, EMC OnCourse, EMC Proven, EMC Snap, EMC SourceOne, EMC Storage Administrator, Acartus, Access Logix, AdvantEdge, AlphaStor, ApplicationXtender, ArchiveXtender, Atmos, Authentica, Authentic Problems, Automated Resource Manager, AutoStart, AutoSwap, AVALONidm, Avamar, Captiva, Catalog Solution, C-Clip, Celerra, Celerra Replicator, Centera, CenterStage, CentraStar, ClaimPack, ClaimsEditor, CLARiiON, ClientPak, Codebook Correlation Technology, Common Information Model, Configuration Intelligence, Configuresoft, Connectrix, CopyCross, CopyPoint, Dantz, DatabaseXtender, Direct Matrix Architecture, DiskXtender, DiskXtender 2000, Document Sciences, Documentum, elnput, E-Lab, EmailXaminer, EmailXtender, Enginuity, eRoom, Event Explorer, FarPoint, FirstPass, FLARE, FormWare, Geosynchrony, Global File Virtualization, Graphic Visualization, Greenplum, HighRoad, HomeBase, InfoMover, Infoscape, Infra, InputAccel, InputAccel Express, Invista, Ionix, ISIS, Max Retriever, MediaStor, MirrorView, Navisphere, NetWorker, nLayers, OnAlert, OpenScale, PixTools, Powerlink, PowerPath, PowerSnap, QuickScan, Rainfinity, RepliCare, RepliStor, ResourcePak, Retrospect, RSA, the RSA logo, SafeLine, SAN Advisor, SAN Copy, SAN Manager, Smarts, SnapImage, SnapSure, SnapView, SRDF, StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix, Symmetrix DMX, Symmetrix VMAX, TimeFinder, UltraFlex, UltraPoint, UltraScale, Unisphere, VMAX, Vblock, Viewlets, Virtual Matrix, Virtual Matrix Architecture, Virtual Provisioning, VisualSAN, VisualSRM, Voyence, VPLEX, VSAM-Assist, WebXtender, xPression, xPresso, YottaYotta, the EMC logo, and where information lives, are registered trademarks or trademarks of EMC Corporation in the United States and other countries.
All other trademarks used herein are the property of their respective owners.
© Copyright 2014 EMC Corporation. All rights reserved. Published in the USA.
Revision Date: 10-17-2014 Revision Number: 1.0 MR-1CP-CISV2
Document Revision History
Rev # File Name Date
1.0 First Release 10/17/2014
Table of Contents
COPYRIGHT
DOCUMENT REVISION HISTORY
LAB 1: CLOUD INFRASTRUCTURE LAYERS
LAB 2: SERVICE MANAGEMENT AND SECURITY
Lab 1: Cloud Infrastructure Layers
Purpose:
To reinforce the concepts presented in the lecture portion of
the course, module 1 through module 6.
Tasks: Participants are required to provide a solution for the
deliverables based on the given scenario and requirements.
References: Module: Introduction to Cloud Computing
Module: Building the Cloud Infrastructure
Module: Physical Layer
Module: Virtual Layer
Module: Control Layer
Module: Service and Orchestration Layers
Company Profile
A financial organization has 6000 employees and provides services to more than 20
million customers. To deliver IT services to its business units, the organization operates
two data centers at two different geographic locations. The data centers run their
business applications on more than 300 physical compute systems. The infrastructure
components (compute systems, network devices, and storage devices) are
heterogeneous in nature. Some of the applications are proprietary (developed in‐
house by the organization) and some of them are off‐the‐shelf.
Organization’s Challenges
Over the past 10 years, the organization has made several strategic investments to
build its market share. However, the organization is now struggling to cope with
customers' fast-changing demands for the services it provides. These demands are
forcing the organization to develop and deploy several new applications and to make
the services available to customers rapidly.
With the current infrastructure, rapid deployment of applications is very difficult. The
utilization of the compute systems, network, and storage is less than 20 percent of the
available capacity. Also, deploying a new application takes a long time because it
involves purchasing new compute systems, installing software, configuring network
and storage, and configuring security.
Deliverables
The organization wants to transform its existing data center into a cloud infrastructure
to leverage the benefits of cloud. It would like to build the cloud infrastructure by
repurposing its existing infrastructure. After deploying new services to the
consumers, the organization expects cloud bursts to occur from time to time. It
does not want to invest in infrastructure solely to provision resources for these
occasional increases in peak workload.
The organization plans to develop several new applications to offer new services to
its customers. The proprietary application gives the organization a competitive
advantage, so it wants to set up an environment for that application on its own
infrastructure. It also requires the environment to enable development, testing, and
deployment of scalable applications in an agile manner. It also wants to set up an
environment to deploy the proprietary and off-the-shelf applications.
As the existing infrastructure is heterogeneous in nature, the organization requires the
ability to automate the provisioning and configuration tasks based on defined policies.
The organization requires the ability to dynamically, uniformly, and easily modify and
manage its infrastructure. Also, the organization requires the ability to discover the
available underlying resources and provide an aggregated view of the resources.
Solution:
The organization needs to deploy the virtual, control, orchestration, and service layers
on the existing physical layer to build the cloud infrastructure.
The following points detail how the different layers and approaches address the
organization’s challenges:
1. Deploying virtual layer:
   a. Enables improving the utilization of infrastructure components
      i. With the help of VMs, VLANs, VSANs, thin LUNs and so on
   b. Enables rapid deployment of compute systems for applications
      i. With the help of VM template and virtual appliance
2. Deploy orchestration layer:
   a. Enables automated provisioning and configuration of tasks based on defined policies
3. Software‐defined approach:
   a. Ability to dynamically, uniformly, and easily modify and manage their infrastructure
   b. Ability to discover the available underlying resources and provides an aggregated view of the resources
4. Brownfield deployment option and integrating best‐of‐breed cloud infrastructure components
   a. Enable repurposing their existing infrastructure to build the cloud
5. Hybrid deployment model
   a. Enable accommodating increased peak workload that may occur from time to time
6. Platform as a Service
   a. Enable development and testing of scalable applications in an agile manner
7. Infrastructure as a Service
   a. Enable deployment of proprietary and off‐the‐shelf applications
End of Lab 1
Lab 2: Service Management and Security
Purpose:
To reinforce the concepts presented in the lecture portion of
the course, Module 8: Security and Module 9: Service
Management
Tasks: Participants are required to provide a solution for the
deliverables based on the given scenario and the
requirements.
References: Module: Security
Module: Service Management
Scenario
A cloud service provider uses 50 percent of its data center equipment to set up a cloud
infrastructure. The remaining equipment is used for internal operations and for
testing. The cloud infrastructure consists of a hypervisor cluster. A resource pool is
created by aggregating the available resources of the hypervisor cluster. The cloud
infrastructure is used to provide compute services. The services are allocated the
necessary processing power and memory resources from the resource pool.
The hypervisor cluster is composed of 10 identical physical compute systems,
including 2 redundant (passive) compute systems. This means that the cluster can
absorb up to two compute system failures and continue to support all services at the
same level of performance. The available processing power and memory per physical
compute system in the cluster are 19.2 GHz and 64 GB respectively. The
existing resources in the data center can meet the capacity requirements of services in
the short term. However, the provider should procure and provision additional resources
as required to avoid capacity issues in the future. Further, the provider is concerned
about security attacks that may compromise the hypervisors running on the physical
compute systems. The provider should take control measures to protect against such
attacks.
The capacity management process in a service provider’s organization is shown in the
figure. The process comprises several activities, shown in rectangular boxes. The
process also consists of conditions. They allow the process to branch into different
directions, depending on whether the conditions are met or not.
Given: The thresholds for overutilization and underutilization of resources are 70
percent and 40 percent utilization of total resource capacity respectively. These are
used to determine whether the resource pool is overutilized or underutilized.
Deliverables
Establish the required capacity management activities marked by ‘X1’ and ‘X2’ in the
figure for the cases below:
Case 1: Processing power already allocated to services from the resource pool is equal to 32.8 GHz and memory capacity already allocated to services from the resource pool is equal to 123 GB
Case 2: Processing power already allocated to services from the resource pool is equal to 88.2 GHz and memory capacity already allocated to services from the resource pool is equal to 320 GB
List the control measures that can address the provider’s security concern.
Solution for Case 1
Number of compute systems in the cluster is equal to 10 (8 active and 2 redundant)
Total processing capacity of resource pool = 8 * 19.2 GHz = 153.6 GHz
Total memory capacity of resource pool = 8 * 64 GB = 512 GB
Utilization (%) of processing capacity of resource pool = (32.8/153.6)*100 = 21.4 %
Utilization (%) of memory capacity of resource pool = (123/512)*100 = 24 %
As the resources are underutilized (<40%), activity X1 needs to be carried out
Activity X1:
  o Transfer some of the underused compute systems to another environment that is under‐resourced
  o Reduce the size of resource pool, ensuring that resource utilization is within the normal utilization limits (>40% and <70%)
Solution for Case 2
Available processing capacity of resource pool = 8 * 19.2 GHz = 153.6 GHz
Available memory capacity of resource pool = 8 * 64 GB = 512 GB
Utilization (%) of processing capacity of resource pool = (88.2/153.6)*100 = 57.4 %
Utilization (%) of memory capacity of resource pool = (320/512)*100 = 62.5 %
Although resource utilization is within the normal utilization limits (>40% and
<70%), enough resources are not available to satisfy the future demand for
capacity. Hence, activity X2 needs to be carried out.
Activity X2:
  o Determine current capacity reserves
  o Establish capacity consumption trends
  o Forecast future demand for capacity
  o Plan for procurement and provisioning of additional capacity
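The utilization arithmetic from Case 1 and Case 2, as an added example that is not part of the original lab guide. It goes one step beyond the solutions by listing the active-host counts that put the pool inside the normal band (activity X1) and the headroom left before the 70 percent threshold (an input to activity X2). Function names are hypothetical, and treating the pool as underutilized only when every resource is below 40 percent, and overutilized when any resource exceeds 70 percent, is an assumption.

```python
# Added example. Figures are the scenario's; function names are hypothetical.
from fractions import Fraction

HOSTS, REDUNDANT = 10, 2                       # cluster size, passive spares
HOST_CAPACITY = {"cpu_ghz": Fraction("19.2"), "mem_gb": Fraction(64)}
UNDER, OVER = 40, 70                           # utilization thresholds (%)
CASE_1 = {"cpu_ghz": 32.8, "mem_gb": 123}      # allocations from the deliverables
CASE_2 = {"cpu_ghz": 88.2, "mem_gb": 320}


def utilization(allocated, active=HOSTS - REDUNDANT):
    """Percent of pool capacity allocated per resource; spares add no capacity."""
    return {r: Fraction(str(allocated[r])) * 100 / (cap * active)
            for r, cap in HOST_CAPACITY.items()}


def classify(allocated, active=HOSTS - REDUNDANT):
    """Assumption: 'over' if any resource > 70%, 'under' if all are < 40%."""
    util = utilization(allocated, active).values()
    if any(u > OVER for u in util):
        return "over"
    return "under" if all(u < UNDER for u in util) else "normal"


def right_sized_host_counts(allocated):
    """Active-host counts at which every resource is inside the 40-70% band (X1)."""
    return [n for n in range(1, HOSTS - REDUNDANT + 1)
            if all(UNDER < u < OVER for u in utilization(allocated, n).values())]


def headroom(allocated, active=HOSTS - REDUNDANT):
    """Capacity still allocatable before each resource reaches 70% (input to X2)."""
    return {r: cap * active * OVER / 100 - Fraction(str(allocated[r]))
            for r, cap in HOST_CAPACITY.items()}


if __name__ == "__main__":
    for name, case in (("Case 1", CASE_1), ("Case 2", CASE_2)):
        pct = {r: round(float(u), 1) for r, u in utilization(case).items()}
        print(name, pct, classify(case))
    print("Case 1 pool sizes in band:", right_sized_host_counts(CASE_1))
    print("Case 2 headroom:", {r: float(h) for r, h in headroom(CASE_2).items()})
```

For Case 1 the normal band is reached with 3 or 4 active compute systems; for Case 2 about 19.3 GHz and 38.4 GB remain before the pool crosses the 70 percent threshold.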
Solution for Security
Control measures to protect hypervisors against attacks are:
  o Install security‐critical hypervisor updates when they are released by the hypervisor vendor
  o Harden the hypervisor
  o Restrict access to the hypervisor management server to authorized administrators
  o Encrypt network traffic when managing remotely
  o Deploy a firewall between the management system and the rest of the network
  o Rotate or delete log files when they reach a certain size to protect against denial of service
End of Lab 2