© 2005 Cisco Systems, Inc. All rights reserved.
DC-1101
11201_05_2005_c2
Data Center Architecture
Overview
Willie Yam
Data Center Lead, APAC
Agenda
• Introduction
• Data Center Design Overview
• DC IP Infrastructure
• DC Application Optimization
• DC Security
• DC Storage Networking & Business Continuance
• Summary
Layers & Services
Aggregation
Edge
Access
Core
Fabric Routing Services
Data Replication Svcs
Storage Virtualization
Virtual Fabrics (VSANs)
Content Caching
SSL Offloading
Firewall Services
Intrusion Detection
Server Balancing
Server Virtualization
Remote DMA Services
Virtual I/O
Clustering Services
Compute Fabric Services
Network Analysis
VPN Termination
File Caching
Core
Fabric Gateway Services
Fabric Gateway Services
Storage / Tape Farms
DOS Protection
Server Clusters
Server Farms
DC Functional Layers
… A Data Center Topology
Physical Areas
… A Data Center Topology
The Physical Facility…
• Flooring
• Racks
• HVAC and Electrical infrastructure
• Cabling
• Fire Suppression Systems
• Compute Equipment
• Network Equipment
[Diagram labels: Raised Flooring, Ceiling Plenum, HVAC, Rack]
Blueprints and Best Practices
The baseline of an architecture…
The Data Center Network
System Validation Roadmap…
Foundation Architecture
Service Integration
Virtualization
Network DNA
Aggregation, service and access layers
Core and Edge layers
Service points
Server farm topologies
« ------ »
HA, Convergence, Scalability
Performance
Network Intelligence
Service Integration
Security:
FWSM, IDS, CSA, Riverhead, Portego
Application Optimization
WASF, Content Switching, SSL, AONS, CDN, caching
Network Management
« ------ »
Interop., transparency and Integration
Network Virtualization
Virtual Infrastructure
Virtual Switching
Virtual Routing
Virtual Services
Virtual Firewalls
Virtual Load balancers
System Virtualization
Server Virtualization
Storage Virtualization
Segmentation
« ------ »
Logical Partitioning, Dynamic Provisioning & Self Adjusting
Architecture Definition
Network Areas
IP switching Infrastructure
Storage Switching Infrastructure
Distributed Data Center Infrastructure
« ------ »
Baseline Fundamental
Functional Network Areas
Mapping DC technology to customer requirements
DATA CENTER
DESIGN OVERVIEW
Data Center Design
Strategic Foundation
• Security Policy
  External, Internal, Partner
  Inter and Intra Server Farm
  Risk Analysis—too much vs. too little
• Business Continuance and Disaster Recovery Policy
  Business Impact Assessment (BIA) per application
  How many Data Centers, how far apart
  Active/Active, Active/Standby, both
  Personnel Support Plan during outage
• Application and Service Level Agreements
  Application bandwidth and redundancy
  BIA prioritization between applications
  Layer2 and Layer3 server adjacency requirements
  NIC Teaming and Backup and Management networks
Good Design Requires Defined Business Policies
Today’s Data Center
Integration of Many Systems and Services
• Scalable Infrastructure
• DC Storage Networks
• Distributed Data Centers
• Application and Server Optimization
• Data Center Security
[Diagram labels: N-Tier Applications, DB Servers, App Servers, Web Servers, Mainframe Operations, IP Comm., Front End Network, Application/Server Optimization, Content Switch, Cache, Tape, FC, SAN, RAID, Storage Network, NAS, FC Switch, VSANs, Security, Firewall, IDS, Resilient IP, Metro Network, DWDM/SONET/Ethernet, Secondary Data Center, MAN/Internet, DR Data Center, WAN/Internet]
Systems and Solutions
Tactical Execution
Business Continuance Networking
• Data Replication and SAN Extension: Synchronous and Asynchronous; FC Over Campus and MAN; FCIP Over WAN
• Site Selection: Failover and Load Balancing; DNS Based Site Selection; Route Health Injection IGP and BGP Site Selection
• DC Interconnectivity: DWDM, SONET/SDH, CWDM; GE and 10GE; MetroE and IP WAN Services; L2 and L3 VPN Service
Storage Network Infrastructure
• SAN Topologies: Best Practices; Intra-DC; Inter-DC
• iSCSI/FCIP: FC to IP Ethernet Gateways; IP Services in FC switches
• FC Switching: Director Class Switches; Stackable Switches
DC Security
• L3 and L2 Features: PVLANs, Static ARP, Port Security, MD5 Authentication, AAA, SSH, Root and BPDU Guard, ARP Spoofing, DHCP Spoofing, VLAN Hopping
• Intrusion Detection/Protection: Network IDS; Host IDS
• Traffic Filtering: Firewalls; ACL—RACLs, VACLs
Application Optimization
• Caching: Reverse Proxy Caching; WCCP and SLB Redirection; Content Prepositioning
• SSL Offload: SSL Acceleration; Mgmt Simplification; Monitoring Encrypted Traffic
• Content Switching: Server Load Balancing
IP Network Infrastructure
• Server Farm Topologies: NIC Teaming; Clustering; iSCSI, FC, NAS
• Switching: Modular; Stackable; RPVST+
• Routing: Switches; Routers; IGP and BGP Protocols
DATA CENTER
IP Infrastructure
Data Center Architecture
[Diagram labels: Load Balancer, Firewall, SSL Offloader, Cache, Aggregation Layer, Access Layer, IDS Sensor, Network analysis, GSS, Intranet Core, Internet Edge, DC Aggregation, Server Access]
IP Infrastructure
Highly Available, Adaptable, Predictable, Deterministic and Service Ready
• Integration with the routed network
  Intranet and Internet peering
  DC Isolation from external events
• Server farm topologies
  Layer 2 Adjacency requirements
  Layer 3 Boundary
  Service Location
  Multi-tier Topologies
  Scalability
• 1RU and Blade Servers
  Integration
  Design Alternatives
  Service Integration
[Diagram labels: WEB, APP, FTP, DNS, DHCP, Mainframe, Primary Server Farm, Campus Core, Internet Edge, DMZ, Application Services, Cisco 7500/7200 Routers, Cisco 3550/4500 Switches, Cisco PIX Firewalls, Catalyst 6500 Switches, Cisco GSS, Content Router, IDS sensor, Content Engine, SSL Module, Content Switching Module, Firewall Module, Catalyst 4500/6500 Switches, Call Manager Cluster, PIX / Firewall Service Module, IPTV Server, Service modules]
Multi-tier Topologies
Physical vs. logical Topology
Logical Topology
Used in Hosting Services
Dedicated service devices
Highly scalable
IP Network
IP Network
Physical Topology
Service devices are shared (transparent and virtual)
Greater service efficiency
Easier manageability
More cost effective
DATA CENTER
Application Optimization
Application Optimization
High Availability, Scalability and Health of Application Services
• Load Balancing
  Application Availability
  Scalability
• SSL Offloading
  SSL Scalability
  Centralized PKI Management
  Security/Traffic Inspection
• Caching
  Server I/O and CPU reductions
Server and Application Scalability
Improving and Guaranteeing Service Levels
• Distribute Traffic Load
• HW alternative to clustering technologies
• Avoiding misbehaving apps/server: app health checking
• Allows seamless scalability
• Enables any-window maintenance change control
Load balancing and Content Switching Technology
Server
Server
Server