cloud infrastructure and services version 2 - lab

EMC2 PROVEN PROFESSIONAL

Cloud Infrastructure and Services Version 2

Lab Guide

October 2014

EMC2 PROVEN PROFESSIONAL

Copyright

Copyright © 1996, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 2013, 2014 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC2, EMC, Data Domain, RSA, EMC Centera, EMC ControlCenter, EMC LifeLine, EMC OnCourse, EMC Proven, EMC Snap, EMC SourceOne, EMC Storage Administrator, Acartus, Access Logix, AdvantEdge, AlphaStor, ApplicationXtender, ArchiveXtender, Atmos, Authentica, Authentic Problems, Automated Resource Manager, AutoStart, AutoSwap, AVALONidm, Avamar, Captiva, Catalog Solution, C-Clip, Celerra, Celerra Replicator, Centera, CenterStage, CentraStar, ClaimPack, ClaimsEditor, CLARiiON, ClientPak, Codebook Correlation Technology, Common Information Model, Configuration Intelligence, Configuresoft, Connectrix, CopyCross, CopyPoint, Dantz, DatabaseXtender, Direct Matrix Architecture, DiskXtender, DiskXtender 2000, Document Sciences, Documentum, elnput, E-Lab, EmailXaminer, EmailXtender, Enginuity, eRoom, Event Explorer, FarPoint, FirstPass, FLARE, FormWare, Geosynchrony, Global File Virtualization, Graphic Visualization, Greenplum, HighRoad, HomeBase, InfoMover, Infoscape, Infra, InputAccel, InputAccel Express, Invista, Ionix, ISIS, Max Retriever, MediaStor, MirrorView, Navisphere, NetWorker, nLayers, OnAlert, OpenScale, PixTools, Powerlink, PowerPath, PowerSnap, QuickScan, Rainfinity, RepliCare, RepliStor, ResourcePak, Retrospect, RSA, the RSA logo, SafeLine, SAN Advisor, SAN Copy, SAN Manager, Smarts, SnapImage, SnapSure, SnapView, SRDF, StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix, Symmetrix DMX, Symmetrix VMAX, TimeFinder, UltraFlex, UltraPoint, UltraScale, Unisphere, VMAX, Vblock, Viewlets, Virtual Matrix, Virtual Matrix Architecture, Virtual Provisioning, VisualSAN, VisualSRM, Voyence, VPLEX, VSAM-Assist, WebXtender, xPression, xPresso, YottaYotta, the EMC logo, and where information lives, are registered trademarks or trademarks of EMC Corporation in the United States and other countries.

All other trademarks used herein are the property of their respective owners.

© Copyright 2014 EMC Corporation. All rights reserved. Published in the USA.

Revision Date: 10-17-2014 Revision Number: 1.0 MR-1CP-CISV2

3EMC2 PROVEN PROFESSIONAL

Document Revision History

Rev # File Name Date

1.0 First Release 10/17/2014


This page intentionally left blank.


Table of Contents

COPYRIGHT .......................................................................................................... 2

DOCUMENT REVISION HISTORY ........................................................................... 3

LAB 1: CLOUD INFRASTRUCTURE LAYERS .............................................................. 7

LAB 2: SERVICE MANAGEMENT AND SECURITY ................................................... 13


Lab 1: Cloud Infrastructure Layers

Purpose:

To reinforce the concepts presented in the lecture portion of

the course, module 1 through module 6.

Tasks: Participants are required to provide a solution for the

deliverables based on the given scenario and requirements.

References: Module: Introduction to Cloud Computing

Module: Building the Cloud Infrastructure

Module: Physical Layer

Module: Virtual Layer

Module: Control Layer

Module: Service and Orchestration Layers


Company Profile

A financial organization has 6000 employees and provides services to more than 20

million customers. To deliver IT services to its business units, the organization operates

two data centers at two different geographic locations. The data centers run their

business applications on more than 300 physical compute systems. The infrastructure

components (compute systems, network devices, and storage devices) are

heterogeneous in nature. Some of the applications are proprietary (developed in‐

house by the organization) and some of them are off‐the‐shelf.

Organization’s Challenges

Over the past 10 years, the organization has made several strategic investments to

build its market share. However, the organization is now facing a challenge to cope

with the fast changing demands of customers about services provided by the

organization. These demands are forcing the organization to develop and deploy

several new applications and make the services available to the customers rapidly.

With the current infrastructure, rapid deployment of application is very difficult. The

utilization of the compute systems, network, and storage is less than 20 percent of the

available capacity. Also, deploying a new application takes a long time because it

involves purchasing new compute systems, installing software, configuring network

and storage, and configuring security.

Continued on next page


Deliverables

The organization wants to transform their existing data center to cloud infrastructure

to leverage the benefits of cloud. They would like to build the cloud infrastructure by

repurposing their existing infrastructure. After deploying new services to the

consumers the organization is expecting cloud burst to occur from time to time. They

do not want to invest money on the infrastructure to provision resources to meet the

requirements of the occasional increase in the peak workload.

The organization plans to develop several new applications to offer new services to

their customers. The proprietary application provides the organization competitive

advantage and they therefore want to set up an environment for it on their

infrastructure. They also require the environment to enable development, testing, and

deployment of scalable applications in an agile manner. They also want to set up an

environment to deploy the proprietary and off‐the‐shelf applications.

As the existing infrastructure is heterogeneous nature, the organization requires the

ability to automate the provisioning and configuration tasks based on defined policies.

The organization requires the ability to dynamically, uniformly, and easily modify and

manage their infrastructure. Also, the organization requires the ability to discover the

available underlying resources and provides an aggregated view of the resources.



Solution:

The organization needs to deploy the virtual, control, orchestration, and service layers

on the existing physical layer to build the cloud infrastructure.

Following points details how different layers and approach address the organization’s

challenges:

1. Deploying virtual layer:

a. Enables improving the utilization of infrastructure components

i. With the help of VMs, VLANs, VSANs, thin LUNs and so on

b. Enables rapid deployment of compute systems for applications

i. With the help of VM template and virtual appliance

2. Deploy orchestration layer:

a. Enables automated provisioning and configuration of tasks based on

defined policies

3. Software‐defined approach:

a. Ability to dynamically, uniformly, and easily modify and manage their

infrastructure

b. Ability to discover the available underlying resources and provides an

aggregated view of the resources

4. Brownfield deployment option and integrating best‐of‐breed cloud

infrastructure components

a. Enable repurposing their existing infrastructure to build the cloud

5. Hybrid deployment model

a. Enable accommodating increased peak workload that may occur from

time to time



6. Platform as a Service

a. Enable development and testing of scalable applications in an agile

manner

7. Infrastructure as a Service

a. Enable deployment of proprietary and off‐the‐shelf applications

End of Lab 1


Lab 2: Service Management and Security

Purpose:

To reinforce the concepts presented in the lecture portion of

the course, Module 8: Security and Module 9: Service

Management

Tasks: Participants are required to provide a solution for the

deliverables based on the given scenario and the

requirements.

References: Module: Security

Module: Service Management


Scenario

A cloud service provider uses 50 percent of its data center equipment to setup a cloud

infrastructure. The remaining equipment is used for internal operations and for

testing. The cloud infrastructure consists of a hypervisor cluster. A resource pool is

created by aggregating the available resources of the hypervisor cluster. The cloud

infrastructure is used to provide compute services. The services are allocated

necessary processing power and memory resources from the resource pool.

The hypervisor cluster is composed of 10 identical physical compute systems

containing 2 redundant (passive) compute systems. This means that the cluster can

absorb up to two compute system failures and continue to support all services at the

same level of performance. The available processing power and memory per physical

compute system in the cluster is equal to 19.2 GHz and 64 GB respectively. The

existing resources in the data center can meet capacity requirement of services in

short‐term. However, the provider should procure and provision additional resources

as required to avoid the capacity issues in future. Further, the provider is concerned

about security attacks that may compromise the hypervisors running on the physical

compute systems. The provider should take control measures to protect against such

attacks.



The capacity management process in a service provider’s organization is shown in the

figure. The process comprises several activities, shown in rectangular boxes. The

process also consists of conditions. They allow the process to branch into different

directions, depending on whether the conditions are met or not.

Given: The thresholds for over utilization and underutilization of resources are 70

percent and 40 percent utilization of total resource capacity respectively. These are

used to determine whether the resource pool is over utilized or underutilized.



Deliverables

Establish the required capacity management activities marked by ‘X1’ and ‘X2’ in the

figure for below cases:

Case 1: Processing power already allocated to services from the resource pool is

equal to 32.8 GHz and memory capacity already allocated to services from the

resource pool is equal to 123 GB

Case 2: Processing power already allocated to services from the resource pool is

equal to 88.2 GHz and memory capacity already allocated to services from the

resource pool is equal to 320 GB

List the control measures that can address the provider’s security concern.



Solution for Case 1

Number of compute systems in the cluster is equal to 10 (8 active and 2

redundant)

Total processing capacity of resource pool = 8 * 19.2 GHz = 153.6 GHz

Total memory capacity of resource pool = 8 * 64 GB = 512 GB

Utilization (%) of processing capacity of resource pool = (32.8/153.6)*100 = 21.4

%

Utilization (%) of memory capacity of resource pool = (123/512)*100 = 24 %

As the resources are underutilized (<40%), activity X1 needs to be carried out

Activity X1:

o Transfer some of the underused compute systems to another

environment that is under‐resourced

o Reduce the size of resource pool, ensuring that resource utilization is

within the normal utilization limits (>40% and <70%)



Solution for Case 2

Available processing capacity of resource pool = 8 * 19.2 GHz = 153.6 GHz

Available memory capacity of resource pool = 8 * 64 GB = 512 GB

Utilization (%) of processing capacity of resource pool = (88.2/153.6)*100 = 57.4

%

Utilization (%) of memory capacity of resource pool = (320/512)*100 = 62.5 %

Although, resource utilization is within the normal utilization limits (>40% and

<70%), enough resources are not available to satisfy the future demand for

capacity. Hence, activity X2 needs to be carried out.

Activity X2:

o Determine current capacity reserves

o Establish capacity consumption trends

o Forecast future demand for capacity

o Plan for procurement and provisioning of additional capacity



Solution for Security

Control measures to protect hypervisors against attacks are:

o Install security‐critical hypervisor updates when they are released by the

hypervisor vendor

o Harden hypervisor

o Access to hypervisor management server should be restricted to

authorized administrators

o Encrypt network traffic when managing remotely

o Deploy firewall between the management system and the rest of the

network

o Rotate or delete log files when they reach a certain size to protect

against denial of service

End of Lab 2

cloud infrastructure and services version 2 - lab

Documents