In-Depth
Virtualization 2011: Collaboration with Network Infrastructure
Enterprises are striving to increase server virtualization this year. The maturity of server virtualization will help drive the planning of your network strategy; another driver is desktop virtualization.
By Mark Townsend, Director, Solutions Management, Enterasys Networks
Successful projects typically require cooperation from many teams, and virtualization deployments are no different. Many disciplines within an IT organization are affected when virtualization initiatives begin, and two of the most affected are the server and network teams.
Improving collaboration between these two groups can increase your virtualization return on investment by reducing trouble tickets required to deploy new systems, improving virtual machine (VM) density on existing infrastructure, and maintaining compliance mandates.
I'll examine some of the new challenges enterprises are focusing on for 2011, some of the technology changes involved, and how to plan key virtualization projects for 2011 while maximizing the benefits of virtualization today.
Two of the top questions facing virtualization projects over the next 12 months are:
- How can we complete more physical-to-virtual (P2V) migrations?
- How can we improve asset utilization?
These are regular topics of discussion at many sites with which I've consulted. Although some applications still don't virtualize well, others remain on physical machines only because the company doesn't know how to implement the required network and security controls in its virtual environment. Asset utilization suffers from the same gap.
The key benefit of virtualization is the freedom to distribute VM load across all physical assets. Many environments enforce perimeters and controls in the physical network that are not understood, let alone reproduced, in the virtual network. I've seen many sites build silos of virtualized environments that replicate the previous physical environment, just a little smaller. Those sites don't realize the full benefits of virtualization. Let's examine how to capture more return on investment from your existing virtual data center.
One part of improving virtualization density is the ability to define and enforce perimeters in both the virtual and physical networks, and, within that framework, to dynamically support the elasticity that many virtualization environments are striving for. A perimeter that exists only in the physical network is no longer a perimeter once workloads can move.
When integrating the network with the hypervisor, there are two control points to consider: the virtual network and the physical network. To improve density while retaining the former perimeters, control the virtual network and the physical network as a single system. Many physical infrastructure vendors are shipping early versions of such systems; they will mature considerably in 2011 and 2012 as several standards are ratified (see the "Control Options" sidebar).
Implementing physical-network controls for virtual systems is similar to doing so for physical systems: each requires the ability to describe a port profile for the endpoint. The basics of a port profile are the endpoint's VLAN settings, its quality of service (QoS) settings and any packet filters associated with the applications running on it.
The primary difference is that virtual machines commonly treat the edge of the physical network as a shared resource: many VMs sit behind one physical port. The physical infrastructure must therefore apply a distinct port profile to each VM on a shared port, and keep those profiles consistent as VMs move within the data center. A profile that fails to follow a migrating VM leaves it on the wrong VLAN or without its filters, silently breaking the perimeter.
Automation: Bringing it All Together
Integrating the virtual and physical networks today requires multiple systems to collaborate when a virtual machine is activated on a hypervisor. The virtual and physical networks must be provisioned uniformly so that the application is available and remains compliant with organizational controls.
For 2011, we'll see data federation between traditional network management and hypervisor management systems. The data exchanged between the two will describe the asset (the virtual machine) and how that asset interacts with the two networks. For example, the hypervisor would share the name of the VM, its operating system, its universally unique identifier (UUID), and network information such as its MAC and IP addresses. The network management system would contribute the VLAN and QoS settings to be provisioned, as well as the physical network location where the VM currently resides. Federation allows for improved IT workflows and lets each group keep using its native tools.
In the future, existing standards such as the Trusted Computing Group's IF-MAP could federate this data in a standard way, enabling a richer environment and cross-platform capabilities. It also invites other applications to participate, such as provisioning firewalls and other physical systems during a VM mobility event.
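As an added illustration of the two ideas above (per-VM port profiles on a shared physical port, and federation of hypervisor and network-management records), here is a small Python model. It is example code written for this page, not code from the article or from Enterasys; the VM records, UUIDs, MAC addresses, switch and port names, host-to-uplink mapping and filter rules are all constructed, and nothing in it talks to a real hypervisor or switch. The consistency check at the end is the piece a practitioner would want: it flags a VM whose profile did not follow it to its current host.

```python
"""Added example, not from the article: federating hypervisor-manager records
(VM name, OS, UUID, MAC, IP) with network-manager records (VLAN, QoS,
filters, physical location) so that a per-VM port profile lands on a shared
physical switch port and follows the VM when it migrates.
All identifiers and records below are constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PortProfile:
    """What the network management system contributes: the basics of a port profile."""
    vlan: int
    qos_class: str
    filters: tuple = ()        # packet filters as free-text rules (constructed)


@dataclass(frozen=True)
class VmRecord:
    """What the hypervisor manager contributes on a VM activation or migration event."""
    uuid: str
    name: str
    os: str
    mac: str
    ip: str


# Constructed network-side policy, keyed by VM name.
NMS_PROFILES = {
    "web-01": PortProfile(100, "gold", ("permit tcp any host 10.0.100.11 eq 443",)),
    "db-01": PortProfile(200, "gold", ("permit tcp 10.0.100.0/24 host 10.0.200.21 eq 5432",)),
}

# Constructed physical-location data: which switch port each hypervisor uplink lands on.
HOST_UPLINKS = {"esx-a": ("sw1", "Gi1/0/1"), "esx-b": ("sw2", "Gi1/0/7")}


class PhysicalNetwork:
    """Per-port, per-MAC profile table: one shared edge port carries many VMs."""

    def __init__(self):
        self.ports = {}        # (switch, port) -> {mac: PortProfile}
        self.location = {}     # mac -> (switch, port) where the profile is applied

    def provision(self, mac, switch, port, profile):
        old = self.location.get(mac)
        if old is not None and old != (switch, port):
            # Migration: withdraw the stale profile from the old port first.
            self.ports[old].pop(mac, None)
        self.ports.setdefault((switch, port), {})[mac] = profile
        self.location[mac] = (switch, port)

    def profile_for(self, mac):
        loc = self.location.get(mac)
        return self.ports[loc].get(mac) if loc is not None else None


def on_vm_event(net, vm, host):
    """Federation step: join the hypervisor's VM record with the NMS profile and
    the host's physical location, then push the profile to that port."""
    profile = NMS_PROFILES.get(vm.name)
    if profile is None:
        # No profile means no perimeter: refuse rather than fall back to a default VLAN.
        raise LookupError(f"no port profile for {vm.name} ({vm.uuid})")
    switch, port = HOST_UPLINKS[host]
    net.provision(vm.mac, switch, port, profile)
    return switch, port, profile


def check_consistency(net, placement):
    """Compliance check: each VM's profile must sit on the port behind the host the
    hypervisor says it runs on. Returns the names of VMs for which that is false."""
    bad = []
    for vm, host in placement:
        if (net.location.get(vm.mac) != HOST_UPLINKS[host]
                or net.profile_for(vm.mac) != NMS_PROFILES.get(vm.name)):
            bad.append(vm.name)
    return bad


def demo():
    net = PhysicalNetwork()
    web = VmRecord("11111111-2222-4333-8444-555555555555", "web-01", "Linux",
                   "00:50:56:aa:00:01", "10.0.100.11")
    db = VmRecord("66666666-7777-4888-9999-aaaaaaaaaaaa", "db-01", "Linux",
                  "00:50:56:aa:00:02", "10.0.200.21")
    on_vm_event(net, web, "esx-a")
    on_vm_event(net, db, "esx-a")                 # two VMs, two profiles, one shared port
    shared = sorted(net.ports[("sw1", "Gi1/0/1")])
    on_vm_event(net, web, "esx-b")                # web-01 migrates; its profile must follow
    after = (sorted(net.ports[("sw1", "Gi1/0/1")]), sorted(net.ports[("sw2", "Gi1/0/7")]))
    ok = check_consistency(net, [(web, "esx-b"), (db, "esx-a")])
    # A move the network was never told about: the hypervisor now reports web-01
    # on esx-a, but its profile is still on sw2. The check exposes the gap.
    stale = check_consistency(net, [(web, "esx-a"), (db, "esx-a")])
    return shared, after, ok, stale


if __name__ == "__main__":
    print(demo())
```

The join key here is the VM's MAC, with the name used only to look up policy; a production version would key on the UUID and treat a MAC that appears on an unexpected port as an event worth alerting on, not just re-provisioning.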
Looking Forward
Enterprises are striving to increase server virtualization in the coming year. The maturity of server virtualization will be one driver in planning your network strategy; another is desktop virtualization.
Desktop virtualization is still in its infancy, but a growing number of RFIs show that it is gaining mindshare across many vertical markets. To grasp the impact desktop virtualization will have on your data center network, consider that we've seen desktop-to-server ratios ranging from 10:1 in midsized businesses to 25:1 in larger enterprises. If your virtualized data center may grow to 10 to 25 times its current size, it's easy to see that IT shops need to craft a virtualization strategy and tooling that will scale.
Sidebar: Control Options
There are several control options for the virtual network today, and a set of standards in development. The first option is to manage the existing hypervisor switch through its vendor-specific APIs. Many vendors ship this today, with varying degrees of integration.
Essentially, the physical network management system interfaces with the virtualization management system to configure the desired network settings. This method is limited to the hypervisors the physical network vendor's product supports.
Another option is to replace or augment the existing hypervisor switch with a third-party virtual switch or software. A few vendors offer implementations, but there are limitations, including vendor lock-in, performance degradation and unclear lines of technical support.
Finally, there is the developing virtual Ethernet port aggregator (VEPA) standard. VEPA is being standardized in the IEEE 802.1 working group as part of 802.1Qbg (Edge Virtual Bridging), alongside the related 802.1Qbh port-extension project. The goal of VEPA is to move switching from the hypervisor to the adjacent physical switch, eliminating the virtual switch as an independent tier within the data center network. This makes it simpler to integrate VMs with legacy network controls such as firewalls and IPS, because even traffic between two VMs on the same host now traverses the physical switch where those controls apply, reducing the need for separate virtual security controls. It also frees hypervisor resources by eliminating the virtual switching plane. Two caveats: the adjacent switch must support reflective relay (hairpin mode), since a standard 802.1D bridge will not forward a frame back out the port it arrived on, and intra-host VM-to-VM traffic now consumes uplink bandwidth in both directions.