Solution Brief
NetApp, Cisco, and VMware Deliver End-to-End Secure Multi-Tenancy
KEY FEATURES
Three industry leaders, one architecture: An architecture to support secure isolation and security for multi-tenant environments
NetApp MultiStore: Storage security and isolation for data and applications
NetApp Data Motion: Always-on data mobility
Cisco Unified Computing System: Integrated network, compute, and storage access
Cisco Nexus Series Switches: Data center–class switches that provide end-to-end, role-based fabric security with TrustSec
Cisco SAFE: Security reference architecture for building highly secure and reliable networks
VMware vSphere: A secure cloud operating environment
VMware vShield Zones: Secure, isolate, and segment virtual machines and vApps
THE CHALLENGE
Today’s IT infrastructure too often suffers from siloed server and storage resources—leading to low utilization, gross inefficiency, and an inability to respond quickly and flexibly to changing business needs.
The arrival of cloud computing—and the adoption of cloud infrastructure to deliver IT as a service in data centers of all types—promises to overcome these limitations and reduce future IT spending by as much as 47%.
However, lack of confidence that data and applications will be securely isolated has been a major impediment to adoption of cloud-based services:
• Large enterprises need to isolate HR records, finance, customer credit card details, and so on.
• Organizations must make sure of the separation of business unit applications and data.
• Outsourced development requires separate areas for each development activity.
• Healthcare organizations must make sure of patient record confidentiality.
• Universities need to partition examinations, enrollment details, and commercial research.
• Telcos and service providers must separate billing, CRM, payment systems, reseller portals, and application hosting environments.
• Financial organizations need to isolate client details and partition trading, wholesale, and retail banking.
• Governments must partition records for taxation, welfare, healthcare, education, defense, and so on.
How can you be certain that applications, data, and customers are securely isolated as you migrate critical applications to an infrastructure in which servers, networks, and storage are all shared resources?
THE SOLUTION
A secure, virtualized dynamic data center
NetApp, Cisco, and VMware have partnered to create a unique service-oriented infrastructure (SOI) that includes all server, storage, and networking hardware and software to facilitate sharing, reuse, and dynamic resource allocation. Our SOI minimizes the risk of making the transition to a cloud infrastructure while delivering the advanced capabilities you need to succeed.
Key features include an efficient, always-on infrastructure with elastic scalability; integrated data protection; advanced automation; and the ability to transparently migrate both applications and data across the infrastructure. We have brought together years of combined experience to create a multi-tenant SOI in which separate applications or customers can share the same server, storage, and networking infrastructure with complete isolation so sensitive information is never compromised.
The individual technologies are—by themselves—the best the industry has to offer. Together, these technologies offer unique synergies that greatly simplify the deployment and management of IT infrastructure and applications with:
• Unmatched end-to-end security and isolation in virtualized environments
• Simplified, unified architecture
• Lower cost
• Greater business agility
• Less risk
THREE INDUSTRY LEADERS, ONE SECURE ARCHITECTURE
The traditional approach to guaranteeing application isolation requires dedicated, isolated hardware. A cloud infrastructure demands strict isolation between different clients, business units, departments, security zones, and layers in three-tiered Web architectures—as well as the ability to separate production operations from QA, development, and so on. Secure multi-tenancy enables you to partition a shared infrastructure in whatever way makes sense for your business. Data and data access are securely isolated, and workload performance is maintained.
To create our SOI, NetApp, Cisco, and VMware took a holistic approach that allows data storage, network fabric, and virtual servers to be efficiently shared. In a multi-tenant environment, virtual machines (VMs) or groups of VMs are securely isolated from other VMs or groups of VMs using VMware® vShield Zones technology. Once securely isolated, VMs are connected to storage systems through a network that is segmented and secured using the Cisco® Nexus family of products. The storage vFiler™ units to which they connect are also securely isolated from other vFiler units using NetApp® MultiStore™ technology, which results in an end-to-end, secure isolated storage system.
As industry leaders in their respective fields, each partner contributes proven technology to make sure of end-to-end security. With our SOI, we have combined technologies that provide layers of isolation—in many cases proven through years of use—into a single architecture with secure isolation of digital assets and resources in flight and at rest.
Close collaboration and careful integration eliminate the complexity of traditional IT infrastructure in favor of standardized components and consistent management practices that lower acquisition and operating costs, reduce staff skill set requirements, shorten provisioning times, and increase resource utilization, all while providing greater security.
NETAPP: SECURE CLOUD STORAGE
The typical approach to storage forces you to buy different storage systems to accommodate different needs. With the NetApp Unified Storage Architecture, all storage requirements are met by a single storage solution, so you apply the same hardware, software, people, and processes to meet all your storage needs and achieve a level of efficiency that simply is not possible with other vendors’ solutions. Innovative software helps you meet specific objectives for automation, data protection, and security.
Secure storage multi-tenancy
NetApp pioneered the idea of secure storage multi-tenancy over seven years ago with the introduction of NetApp MultiStore technology, providing a level of security and isolation for virtualized storage comparable to physically isolated storage arrays. Over 20,000 MultiStore licenses have been sold.
MultiStore lets you create multiple, completely isolated logical partitions on a single cost-effective Ethernet-based storage system, so you can share storage without compromising privacy. The results are secure, shared cloud storage and increased storage utilization. Individual storage containers can be migrated independently and transparently between storage systems.
NetApp Data Motion is a perfect complement to VMware VMotion™ and VMware Storage VMotion. With NetApp Data Motion you can migrate entire VMware datastores between storage systems to balance load, expand storage capacity, or refresh technology without disruption.
CISCO: SECURE, UNIFIED COMPUTING
Today, IT organizations assemble their data center environments from individual components. Their administrators spend significant amounts of time manually accomplishing basic integration tasks rather than focusing on more strategic, proactive initiatives.
“T-Systems’ Dynamic Services deliver secure and reliable cloud services to our customers. With NetApp systems, NetApp MultiStore, Cisco Nexus products, and VMware, our data centers are able to provide shared yet secure clouds of server, network, and storage resources.”
Klaus Rubik, Head of Engineering and Systems Management, T-Systems
Cisco’s Unified Computing architecture is a next-generation data center platform that unites compute, network, storage access, and virtualization in a cohesive system designed to reduce total cost of ownership and increase business agility. The Cisco Unified Computing System® seamlessly integrates with Cisco’s Nexus Series of data center–class switches.
Cisco unified fabric
A typical data center environment supports three or four parallel networks: one for data, one for storage, one for management network, and possibly one for server clustering. This increases management complexity and imposes significant costs for interfaces, cabling, rack space, upstream switches, power, and cooling.
Unified fabric consolidates these different types of traffic onto a single, general-purpose, high-performance, highly available 10-Gigabit Ethernet network that greatly simplifies network infrastructure and reduces costs. To do all this, a unified fabric must be intelligent enough to identify different types of traffic and handle them appropriately. Cisco’s unified fabric delivers a higher level of performance while guaranteeing the isolation and security of both user and data traffic.
Cisco Nexus 1000V virtual switches
Cisco Nexus 1000V Series Switches are an intelligent software switch implementation for VMware vSphere™ environments. Operating inside the VMware ESX hypervisor, the Cisco Nexus 1000V Series supports Cisco VN-Link server virtualization technology for policy-based virtual machine connectivity and mobile VM security and network policy.
Cisco Nexus 2000, 5000, and 7000 Series data center switches
The innovative architecture of the Cisco Nexus Series Switches simplifies data center transformation with a standards-based, high-performance, unified Gigabit Ethernet and 10-Gigabit Ethernet fabric that connects servers, storage, and users, greatly simplifying network management while delivering advanced capabilities with end-to-end security for all network traffic. Cisco TrustSec provides role-based security for all network traffic. TrustSec makes your network fabric role aware through secure access control, a converged policy framework, and pervasive integrity and confidentiality.
Cisco SAFE
Cisco SAFE consists of design blueprints based on Cisco Validated Designs and proven security best practices that provide the design guidelines for building secure and reliable network infrastructures. Multiple layers of security controls are implemented throughout the network under a common strategy and administration. Cisco SAFE uses the Cisco Security Control Framework, a common framework that drives the selection of products and capabilities that maximize visibility and control, the two most fundamental aspects driving security. This framework facilitates the integration of Cisco’s rich portfolio of security services designed to support the entire solution lifecycle.
Figure 1) Design elements of the secure multi-tenant infrastructure.
• ERP, HR, CRM
• vSphere, vShield Zones, vCenter
• Cisco SAFE, Nexus 1000V, Nexus 2000/5000/7000, UCS, 10GbE
• MultiStore, NetApp Data Motion, 10GbE NFS/iSCSI/FC
For more information visit www.imaginevirtuallyanything.com.
VMWARE: SECURE VIRTUALIZATION
Server virtualization is integral to the development of a cloud computing infrastructure. VMware continues to lead the way with value-added capabilities that foster new ways of doing business.
VMware vSphere
Bring the power of cloud computing to your IT infrastructure with VMware vSphere, the next evolutionary step in IT computing and the most trusted virtualization platform available. Built on a proven virtualization platform, vSphere provides a foundation for both internal and external clouds, using federation and standards to bridge cloud infrastructures and create a secure private cloud.
VMware vNetwork Distributed Switch
The VMware vNetwork Distributed Switch maintains the network runtime state for VMs as they move across multiple hosts, enabling inline monitoring and centralized firewall services. It provides a framework for monitoring and maintaining the security of virtual machines as they move from physical server to physical server and enables the use of third-party virtual switches such as the Cisco Nexus 1000V to extend familiar physical network features and controls to virtual networks.
VMware vShield Zones
VMware vShield Zones is a centrally managed, stateful distributed virtual firewall bundled with vSphere that takes advantage of ESX host proximity and virtual network visibility to create security zones. VMware vShield Zones integrates with VMware vCenter™ and leverages virtual inventory information such as vNICs, port groups, clusters, and zones to simplify firewall rule management and trust zone provisioning.
PROVEN PARTNERSHIPS
This SOI is not the result of new or untested relationships. NetApp, Cisco, and VMware have worked closely with each other for years, forging proven relationships that result in superior technology and the ability to provide coordinated support without needless finger pointing.
To facilitate delivery of the service-oriented infrastructure, we have qualified a team of system integrators to help you directly assess your needs and plan and implement all elements of the infrastructure, custom-tailored for your business. Depending on your preferences, you can make a complete transformation or evolve your existing infrastructure step by step.
GETTING STARTED
To learn more about our secure multi-tenancy solution, read the Secure Cloud Architecture Overview or contact your local NetApp, Cisco, or VMware representative.
© Copyright 2010 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc. NetApp, the NetApp logo, Go further, faster, MultiStore, NetApp Data Motion, and vFiler are trademarks or registered trademarks of NetApp, Inc. in the United States and/or other countries. VMware is a registered trademark and VMotion, vSphere, and vCenter are trademarks of VMware, Inc. Cisco and Unified Computing System are registered trademarks of Cisco Systems. All other brands or products are trademarks or registered trademarks of their respective holders and should be treated as such. DS-2953-0910