DES Virtualization - IPMA-WA
DES Virtualization
IPMA Briefing 2012
A New Opportunity - DES
• Legislative mandate to consolidate 5 agencies into DES
• Consolidate support to DES and support 2 existing agencies and 1 new agency
• IT support responsibility includes OFM, Governor’s Office and CTS
• Challenges abound – disparate storage, duplicate applications, redundant infrastructure, firewall separation
DES at Inception
DES Current State
Network Consolidation Status 10/5/11 (DRAFT)
Current DES Issues:
- Isolated
- A2A Traffic over SGN
- Firewall obstruction
- Conf Rm to agency logon via SGN
[Diagram labels: Internet; SGN; firewalls (OFM, SSV, GA, DOP, CTS, DES); AD domains (DIS, DOP, GA, OFM, PRT); File/App/Web servers; Print; Enterprise Applications; workstations (Dept of Printing, CTS, DIS, CR, GA, OFM, GOV, DOP)]
By the Numbers…
• DES as new agency October 1st, 2011
– 345 servers, 63% virtualized
– VMware was primary platform
– 3 SAN enabled virtual farms
Virtual Objectives
• Consolidate hardware in single “vFarm”
• Extend layer 2 to virtualize existing pre-DES agency infrastructures
• Support “come as you are” vDC to expedite virtualization and consolidation
• Build new DES branded virtual data center topology for DES services eClient and eApp
Virtual Data Centers…
DES Future Services
Shared Admin Domain Model (DRAFT 1/27/12)
eClient & eApp Domains
[Diagram labels: Washington State AD Forest wa.lcl with domain controllers (CTS provisioned domain / CTS-DES shared ownership / admin); Mgmt Demarcation; DES provisioned services / DES administration; vDC eClient.wa.lcl (domain controllers, Workstations, Users); vDC eApp.wa.lcl (domain controllers, File&Print, App/Web/SQL)]
Present Virtual Work
• Virtualize 93 more servers to hit 90%
• Migrate 3 ESX farms to 1 shared farm
• Scale to support anticipated Windows server growth of 7 – 10% per year
• Build out network to support enterprise services and desired efficiency
DES Shared Virtual Platform
• VMware ESX4i
• HP DL380 G7 rackable servers
• RAM (lots of it)
• EqualLogic iSCSI storage
• Licensing at the processor level
• More RAM!
* RAM is always limiting factor
Storage
• iSCSI based 1GB I/F ethernet storage
• 89.24 TB of RAID50 SAS & SATA disk
• 16% in near term snapshots
• Thin provisioned, over provisioned
• Replicated to TierPoint data center
• Fully virtualized
Layer 2 Extensions enabled…
• Virtualize “in place”
– no change for existing applications
• Built-in backup / recovery
– vRanger immediately picks up new guests
• Shared storage scalability
– Growth accommodated at multi-agency level
• Operational mgmt by designated leads
– Spread vFarm mgmt to key leads with appropriate training
Layer 2 “Extended”
Virtual Console
• Virtual Console roles
– Resource Pool Admin
– Resource Pool Server Admin
• Attempted “linked consoles”
– End client still needs direct access to primary console
• Jumpbox model
– RDP to console, run locally with pre-DES AD accounts set to virtual Data Centers
VMware Converter
• VM converter “needs”
– Virtual Console enabled guest within each pre-DES network
– Migration host with kernel (IP) on each client network
– No affinity during transition to individual VM host
Security
• pre-DES agencies had different security policies and data risks
• New security team and unified strategy at DES key enabler
• Building to support security spectrum
– vLAN separation
– vSwitch separation
– vFirewall security & audit
Why Virtualize? Story 1
• AFRS Data Warehouse
– Problem: Existing DW is operating 2 Windows 2003 x64 servers with SQL Server 2005 and team wants to migrate to Windows 2008 R2 x64 with SQL Server 2008 R2 Enterprise. Migration of data and transition is expected to take in excess of a month.
– Server 1: 2.85 TB of storage on 3 SAN volumes F, G, H
– Server 2: 1.65 TB of storage on 2 SAN volumes F, G
Why Virtualize? Story 2
• ERDC P20 Data Warehouse
– Problem: The new P20 Data Warehouse for the Economic Research & Development Council (ERDC) needed the ability to “recover” a full infrastructure platform (QA, DEV, Sandbox or Prod) to any given day / week in recent history.
Lessons Learned
• Cross train early and often
• Change management and disciplined approach
• Keep capacity for maintenance (n+1+ a little more)
• Script configurations wherever possible for consistency (PowerShell or ???)
• Don’t assume – validate throughput, monitor links for even load distribution, etc. (Windows perfmon, VMware esxtop, switch CLI)
• Don’t underestimate RAM and storage
• Have your customers tout your success (nothing sells your service more than a happy customer)
• Patience – build in quality rather than rework
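
One way to act on the "script configurations for consistency" lesson together with the vLAN / vSwitch separation goal from the Security slide, as an added example that is not part of the original briefing: a PowerShell check that flags port groups that differ between hosts and VLAN IDs shared by more than one agency. The host names, vSwitch names, VLAN IDs and the Agency column are constructed sample data.

```powershell
# Constructed sample inventory: one row per port group per ESX host in the shared farm.
# On a live farm the first four columns could be exported with VMware PowerCLI
# (Get-VirtualPortGroup); the Agency column is an assumed owner tag, not a VMware field.
$inventory = @'
VMHost,VSwitch,PortGroup,VlanId,Agency
esx01,vSwitch-GA,GA-Servers,110,GA
esx02,vSwitch-GA,GA-Servers,110,GA
esx03,vSwitch-GA,GA-Servers,111,GA
esx01,vSwitch-DOP,DOP-Servers,120,DOP
esx02,vSwitch-DOP,DOP-Servers,120,DOP
esx03,vSwitch-GA,DOP-Servers,120,DOP
esx01,vSwitch-OFM,OFM-Servers,130,OFM
esx02,vSwitch-OFM,OFM-Servers,130,OFM
esx03,vSwitch-OFM,OFM-Servers,130,OFM
esx01,vSwitch-OFM,OFM-Test,110,OFM
'@ | ConvertFrom-Csv

function New-Finding([string] $Check, [string] $Subject, [string] $Detail) {
    [pscustomobject]@{ Check = $Check; Subject = $Subject; Detail = $Detail }
}

function Get-PortGroupFinding {
    param([Parameter(Mandatory)] [object[]] $Rows)

    $allHosts = @($Rows.VMHost | Sort-Object -Unique)

    # Consistency: a port group must look the same on every host in the farm.
    foreach ($pg in ($Rows | Group-Object PortGroup)) {
        $vlans    = @($pg.Group.VlanId  | Sort-Object -Unique)
        $switches = @($pg.Group.VSwitch | Sort-Object -Unique)
        $missing  = @($allHosts | Where-Object { $_ -notin $pg.Group.VMHost })
        if ($vlans.Count -gt 1)    { New-Finding 'VLAN drift'    $pg.Name ($vlans -join ', ') }
        if ($switches.Count -gt 1) { New-Finding 'vSwitch drift' $pg.Name ($switches -join ', ') }
        if ($missing.Count -gt 0)  { New-Finding 'Missing on'    $pg.Name ($missing -join ', ') }
    }

    # Separation: one VLAN ID must not carry port groups owned by different agencies.
    foreach ($vlan in ($Rows | Group-Object VlanId)) {
        $agencies = @($vlan.Group.Agency | Sort-Object -Unique)
        if ($agencies.Count -gt 1) {
            New-Finding 'Shared VLAN' "VLAN $($vlan.Name)" ($agencies -join ', ')
        }
    }
}

Get-PortGroupFinding -Rows $inventory | Format-Table -AutoSize
```

Run on a schedule against a fresh export, an empty result means every port group matches across hosts and no VLAN crosses an agency boundary.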
Questions