Virtualization Update (1/25/2012)
Download
Report
Transcript Virtualization Update (1/25/2012)
Campus Virtualization Update
Laurie Collinsworth
1/25/2012
CIT’s Managed Servers
Physical to Virtual Comparison
1400
1200
1000
800
600
400
200
0
Jun07
Dec07
Jun08
Dec08
Jun09
Dec09
Physical
Jun10
Dec 10
June 11
Dec 11
VM's
Campus Virtualization Initiative started in April 2011
• Increase in VM’s since April 2011 is 386, ~50/month
• Decrease in Physical servers since April is 38, ~5/month
~ 50 retirements
~ 15 new servers (eg. Oracle RAC, Email routers, FIM)
2
CIT’s Virtualization Progress
Identity Management
Cold Fusion Hosting
Blade Center in Rhodes Hall
14 VMs for Version 9
Architecture stress tested before each new release
Kronos
60 VMs, multiple JVMs per VM
Horizontal scaling
Black Board
180 VMs for CF9
Redundant load balanced (eg:cornell.edu on 8 VMs)
55 websites, 78 test and dev sites
Kuali
59 VMs, all Extra Tier
Virtualized Apps:
AD Cerificate Service
Quest Migration
Radius
Kproxy/WebDAV
Enterprise Directory
Permit Service
Web Services
12 VMs
LAMP Hosting
50 VMs for LAMP 2.0
3
CIT’s Moves to Cloud (Software as a Service)
Current cloud apps
Planned migration
Gmail
Box.net (pilot)
Campfire (CIT incident response)
OnDemand Remedy
WorkDay
CIT effort/time tracking (internal)
Investigations
As applications are designed or upgraded,
time is taken to see if SaaS or out-sourcing
is a viable option.
4
Hurdles to Virtualization
• AD Migration - in progress
• Licensing – cost factor, OS level requirements
• Services scheduled to be retired or replaced
• Mainframe printing
• Oracle WebLogic
• Prioritizing of Staff to migrate applications
• Typically applications are upgraded as servers are replaced,
not all at once.
• Consultants configure applications and leave.
• Staff reassignments or reductions
5
Non-supported Applications
•
•
•
•
Hyper-V, Xen Desktop, ESX
Domain Controllers, DNS, DHCP
VPN, Firewalls, network scanners
Cpanel and other system and network
management software
• Virtual appliances
• Grey area: User “landing” machines really need
a separate security level within the datacenter.
(eg: logging onto a server to run user apps such
6
and mail and browsing the internet)
Enablers for Virtualization
•
•
•
•
•
•
•
AD Migration – in progress
VM typically faster if physical server >2 yrs old
Self-serve VM provisioning
Self-serve CNAME creation
Monitoring and Reporting
Projects for PCI & off-site DR
Documentation
7
Self-Serve for Service Groups
• Available since Oct 12, 2011
• 8 Service Groups configured
– CIT–Infrastructure, Facilities, Forest Home, Library
– SAS, CALS, Arts & Sciences, COECIS
•
•
•
•
30 authorized requestors
63 provisioned VMs (50 Windows, 13 Linux)
https://vmselfserv.serverfarm.cornell.edu/
http://sysdocs.cit.cornell.edu/twiki/bin/view/Docu
mentation/VmSelfServForCustomers
8
Self-serve Configurations
• Pre-configuration for Service Groups
–
–
–
–
–
Service group, authorized requestors, approvals
Predefined projects, accounts, destination networks
Network size, network firewall, load balancer, ACLs
Default server administrators, local firewall
Windows: default Active Directory OU and domainbased policies
– Linux: default Cfengine class and SFAM role(s).
– Predefined name: sf-agoit-001.serverfarm.cornell.edu
– Web page options: vCPU, Memory, filespace, C4C
9
New DNSDB feature
• Available since Nov 10, 2011
• Netadmins of a DNS domain name can create
CNAMES without owning the target name or IP
space.
• http://dnsdb.cit.cornell.edu/dnsdb-cgi/batch.pl
• addcname myfiles.cals.cornell.edu sf-agoit-001.serverfarm.cornell.edu
• addcname myotherfiles.cals.cornell.edu cloudhost001.providor.com
10
Monitoring and Reporting
• From the ground up we monitor:
•
•
•
•
•
•
•
•
Power and cooling
Key-card door access
SAN storage arrays and network equipment
Ethernet network equipment
HP Chassis, blades, temperature
VMware environment (ESX hosts)
OS level environment (CPU, Memory, I/O, filesystem usage)
Registered applications (web, db, ldap, etc)
11
Foglight monitors Vmware
Opsview monitors the OS level parameters and handles traps
Projects for PCI and off-site DR
• PCI hardware in-house and racked
• Geneva router to be upgraded
• DR hardware in design phase
14
http://www.it.cornell.edu/cms/services/managed_servers/options/vmware/index.cfm
http://www.it.cornell.edu/cms/services/managed_servers/faq.cfm
Resources
• Infrastructure Virtualization Initiative
– http://www.cit.cornell.edu/about/projects/virtual/
17