TWIPD – Cloud Computing Part II: Virtualization Technology

© 2013 Cisco and/or its affiliates. All rights reserved.

TWIPD – Cloud Computing
Part II: Virtualization Technology

Orson Yang (楊瑾瑜)
Taiwan Cisco Networking Academy Review Council (台灣思科網路學會議評會)
March-22-2013

Agenda
• Virtualization
• VMware vSphere
• Cisco Nexus 1000V
• Cisco CloudLab

Virtualization

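Characteristics of cloud computing services
• According to the definition of the U.S. National Institute of Standards and Technology (NIST), a cloud computing service should have the following characteristics:
  - On-demand self-service.
  - Access anytime, anywhere, from any network device.
  - A resource pool shared by multiple users.
  - Flexibility for rapid redeployment.
  - Services that can be monitored and measured.
  It is generally considered to have the following characteristics as well:
  - Rapid deployment of resources or delivery of services based on virtualization technology.
  - Reduced processing load on the user's end device.
  - Reduced dependence on the user's IT expertise.
• How do cloud computing services achieve these goals?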

Cisco Domain Ten
• A framework of 10 domains that Cisco proposed to simplify data center and cloud transformation.

Software-Defined Data Center
• Software-defined data center (SDDC): all of the data center's infrastructure can be virtualized and deployed automatically by software, providing Data Center as a Service.

Image source: Torsten Volk, EMA Blog, http://blogs.enterprisemanagement.com/torstenvolk/2012/08/16/softwaredefined-datacenter-part-1-4-basics/

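Core components of the software-defined data center
• To achieve the goal of automation, the SDDC needs to virtualize three pieces of data center infrastructure:
  - Server virtualization
  - Network virtualization
  - Storage virtualization

Image source: Torsten Volk, EMA Blog, http://blogs.enterprisemanagement.com/torstenvolk/2012/08/22/softwaredefined-datacenter-part-2-core-components/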

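Server virtualization
• Using a virtual machine system (hypervisor) and virtual machine management software (VMM – Virtual Machine Manager), virtual machines (VM – Virtual Machine) are created on physical servers so that computing resources can be allocated flexibly.
• Types of virtualization
  - Full virtualization: emulates the real hardware almost completely, allowing software (guest OSs) to run on a VM without modification. VMware vSphere Server, Microsoft Hyper-V Server
  - Partial virtualization: emulates only part of the hardware environment; software must be modified before it can run on a VM.
  - Paravirtualization: performs no hardware emulation; instead, software runs in separate isolated domains. Citrix Xen Server, KVM
  - Techniques that use special CPU and chipset designs to improve hardware virtualization performance are called hardware-assisted virtualization.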

Network virtualization
• Internal network virtualization – run by the hypervisor inside the server
  - Virtual NICs
  - Virtual switches (Cisco Nexus 1000V)
  - Virtual firewalls
  - Virtual load balancers
  - …
• External network virtualization – provided by network devices
  - Virtual LAN (VLAN), Private VLAN
  - Virtual Port-Channel (vPC)
  - First Hop Redundancy Protocol (FHRP, e.g. HSRP, VRRP…)
  - Virtualized Access Switch
  - …

Storage virtualization
• Storage systems may use virtualization concepts as a tool to enable better functionality and more advanced features within and across storage systems.
• Primary types of virtualization
  - Block virtualization used in this context refers to the abstraction (separation) of logical storage (partition) from physical storage so that it may be accessed without regard to physical storage or heterogeneous structure. This separation allows the administrators of the storage system greater flexibility in how they manage storage for end users.
  - File virtualization addresses the NAS challenges by eliminating the dependencies between the data accessed at the file level and the location where the files are physically stored. This provides opportunities to optimize storage use and server consolidation and to perform non-disruptive file migrations.

Source: Wikipedia - http://en.wikipedia.org/wiki/Storage_virtualization

VMware vSphere

VMware vSphere Architecture
• The VMware vSphere platform consists of the VMware vSphere Hypervisor (ESXi) installed on the hosts, the VMware vCenter Server central management platform, and the VMware vSphere Client on the administrator's side.

VMware vCenter Server features
• VMware vCenter Server provides centralized visibility, proactive management, and extensibility for the virtual infrastructure.

VMware vSphere Client connecting to vCenter Server

Cisco Nexus 1000V

Cisco Nexus switching family

[Figure: Cisco Nexus product families; axis label: Performance and Scalability]

Cisco Nexus 7000 Series modular datacenter switches

Cisco Nexus 5000 Series

Cisco Nexus 3000 Series

Cisco Nexus 2000 Series Fabric Extenders (FEX)

Cisco Nexus 1000V Series

Cisco Nexus 4000 Series Blade Switches

Cisco Nexus 1100 Virtual Services Appliance

Cisco Nexus 1000V for VMware vSphere

Cisco Nexus 1000V Series Architecture

[Figure: architecture diagram. Labels: Virtual Appliance; Cisco Nexus 1100 Virtual Services Appliance; vWAAS; VSG; VSM (Primary, Secondary); NAM; Virtual ASA; L3 Connectivity; VEM-1; VEM-2; vPath; VXLAN; ESX or Hyper-V 3.0]

VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
vPath: Virtual Service Data-path
VXLAN: Scalable Segmentation
VSG: Virtual Security Gateway
vWAAS: Virtual WAAS
Virtual ASA: Tenant-edge security

• Virtual Supervisor Module (VSM)
• Network Analysis Module (NAM)
• Virtual Security Gateway (VSG)
• Data Center Network Manager (DCNM)
• Imperva SecureSphere Web Application Firewall (WAF)

Cisco Nexus 1000V Editions

| Features | Essential (Free) | Advanced |
|---|---|---|
| Layer 2 switching: VLANs, private VLANs, VXLAN, loop prevention, multicast, virtual PortChannels, LACP, ACLs | Yes | Yes |
| Network management: SPAN, ERSPAN, NetFlow 9, vTracker, vCenter Server plug-in | Yes | Yes |
| Enhanced QoS features | Yes | Yes |
| Cisco vPath | Yes | Yes |
| Security: DHCP Snooping, IP Source Guard, Dynamic ARP Inspection, Cisco TrustSec SGA support | No | Yes |
| Cisco Virtual Security Gateway | | Included |
| Other virtual services (Cisco ASA 1000V, Cisco vWAAS, etc.) | Available separately | Available separately |

Cisco CloudLab

Cisco CloudLab
• Cisco CloudLab provides a dedicated cloud-based setup for demonstrations and hands-on labs.
• Access to Cisco CloudLab requires a valid Cisco.com (CCO) account, which can be obtained free of charge. You must have a Cisco employee as sponsor in order to access Cisco CloudLab.

• URL - http://cloudlab.cisco.com

Cisco CloudLab Lab List
• Cisco Nexus 1000V (2.1) - General Overview
• Nexus 1000V (1.5.1a) with L3 Mode (Pre-Configured)
  - Attaching Virtual Machines to the Cisco Nexus 1000V, VMotion and Visibility, Policy-based Virtual Machine connectivity.
• Lab: Cisco Virtual Security Gateway (VSG) – Introduction
• Demo: Cisco Virtual Security Gateway (VSG) (Pre-Configured)
• Lab: Cisco Nexus 7000 - Introduction to NX-OS
• Lab: Cisco Overlay Transport Virtualization (OTV)
• Virtual Extensible LAN (VXLAN) (Pre-Configured)

Lab Access
• This virtual lab is hosted in Cisco's cloud-based hands-on and demo lab. Within this cloud you are provided with your personal dedicated virtual pod (vPod). You connect via RDP to a so-called "control center" within this host and walk through the lab steps below. All necessary tools to complete this lab can be found in the "control center".
• The username and password to access the Control Center of this vPod are listed below:
  User Name: VPOD\administrator
  Password: Cisco123

Lab Topology
• Your pod consists of:
  - Two physical VMware ESX servers. They are called esx01.vpod.local and esx02.vpod.local.
  - One VMware vCenter, reachable at vcenter.vpod.local via the vSphere client.
  - One Cisco Nexus 1000V Virtual Supervisor Module, reachable at vsm.vpod.local via SSH.
  - One pre-configured upstream switch to which you do not have access.

Thank you.