Biztech Jul 16, 2010
Virtualising the data centre with VMware brings many benefits, but it also brings new challenges involving how organizations design and manage their network and security teams. If not properly configured virtualisation can place strains on the network, even if server administrators see gains in server capacity optimisation. In the case of Groupe Agrica, the deployment of a suite of Cisco Nexus virtual switches, combined with VMware vSphere management tools, facilitated cooperation between server and networking teams and resolved challenges arising from this infrastructure consolidation project. Groupe Agrica manages retirement, injury, health care, and savings plans for employees in the agricultural sector. When the group decided to consolidate the IT infrastructure three years ago, VMware, the market leader, was the natural choice. Today 99 percent of the group’s servers, critical and noncritical, are virtualised on the VMware vSphere platform. Two hundred virtual machines (200 VM servers running on 20 ESX version 4) support applications including Oracle, Business Objects, or Lotus Domino. But for the network engineers, the server infrastructure was just so many undifferentiated black boxes.
Roles and Responsibility Challenge, Not Technical Challenge
In a classical data centre, when a physical server is installed it is connected to a known physical port on a switch, and the network administrator configures the appropriate policies: VLAN membership, traffic shaping, I/O filtering, network addresses, etc. In a virtualised data centre, everything changes. Network switches cannot be configured with individual policies for each virtual machine; network administrators can only see to the underlying physical platform, the server. Also, for all the benefits that vMotion brings to the data centre, it complicates the job of the network engineer as applications migrate across physical ports. Server virtualisation is a serious challenge for the network administrator. According to Julien Mousqueton, network designer with Groupe Agrica, “It was worse than that. Certain network parameters were being configured on the server by system administrators, and were no longer under the control of the networking team.” In designing Groupe Agrica’s new virtualised data centre, the principal challenge was an operational and people challenge. Several mcross-functional meetings were needed to define the roles and authority of each team, and to demonstrate the advantages of a new virtualised architecture. The time spent proved to be essential to the success of the project.
Visibility for Network Administrator
The Cisco Nexus 1000V Series Switch adds advanced networking and security to VMware vSphere4. The switch can be installed in seven minutes using a GUI installer, and is deployed with no network downtime. Only with the Nexus 1000V can the virtual machine networking be managed and monitored using the same command-line interface (CLI) and network tools that the network team is used to. According to Mousqueton, “We connected the Nexus 1000V to our production virtual servers. We installed the supervisor module on a virtual machine. Now the network team has full control over the network.” Groupe Agrica can now deliver new customer services, which were previously impossible to deliver. For instance, with the Nexus 1000V, network quality of service (QoS) makes it easy to meet SLA commitments. “The Nexus 1000V allows us to define profiles for individual virtual machines,” says Mousqueton. “When we migrate a virtual machine using VMware VMotion, the network reconfigures automatically. That wasn’t the case in the past.”
Virtualising Network Improves Security
Groupe Agrica realized network security benefits by deploying the Cisco Nexus 1000V Series Switch. Before deploying the Nexus 1000V, the lack of VM-level visibility by the network team meant virtualisation was not being applied in the DMZ, to avoid the risk of errors. The Nexus 1000V changes the situation. After deploying the Nexus 1000V, Groupe Agrica was able to virtualise the DMZ. The result was a quantifiable reduction in space requirements, power consumption, and management overhead. According to Mousqueton, “We were able reduce the number of dedicated servers in the DMZ by 50 percent”.
Unifying I/O with Nexus 5000 switches
The successful deployment of the Nexus 1000V gave Groupe Agrica the incentive to go further. In December 2009, the team planned an extension of their storage infrastructure. One of the priorities was to reduce power consumption. To fulfill this mission, the team decided to deploy four Nexus 5020 switches in the storage area network (SAN), spread across two sites. The Cisco Nexus 5020 Series Switches answered many of the company’s needs. The Fibre Channel over Ethernet (FCoE) technology unified its I/O. Group Agrica also needed to increase its bandwidth to accommodate the ever-increasing number of virtual machines on the network. This meant moving to 10 Gb Ethernet.
According to Mousqueton, “We’ve reduced the number of cables per server from 16 to 6. The impact is significant, especially as far as cooling capacity is concerned.” The team connected the vSphere virtual servers and Nexus 5020 switches using controller area network (CAN) cards, further reducing the number of cables needed. A CAN card costs less than the combined costs of a quad Ethernet adapter and a dual Fibre Channel adapter, and Nexus switches follow the Cisco philosophy for ease of deployment. For Groupe Agrica, this approach enabled configuration with very high levels of service continuity.
Building an Advanced Data Centre
By selecting Cisco Nexus 1000V and 5000 Series Switches and VMware vSphere, Groupe Agrica overcame resistance to server virtualisation and deployed infrastructure at the forefront of today’s technologies. According to Mousqueton, "The combination of these solutions allows our IT teams to discover new benefits to virtualised infrastructure, because we can now administer a network in a virtual environment the same way as we have done in the physical world, and it is simplified and intuitive."