Henry Fastert, Chief Technologist & Managing Partner, SHI @HP Discover 2011
SHI has taken a very different approach to cloud infrastructure services from the commodity systems that many IaaS providers are building. It makes no apologies for building an enterprise IaaS cloud on brand-name gear. From the outset it designed a cloud targeted at a very specific segment of the market: mission-critical virtual machines. Here is an in-depth look at the design goals, processes, technologies, and key vendors that got it to where it is today.
SHI Overview
- Global provider of IT products, services and solutions:
- $5b revenue annually, 100% organic growth, largest privately held company in North America;
- Started as a small software reseller, now offers a broad line of services;
- 1,700 employees.
- Most recent initiative has been around cloud services:
- Views cloud services as an evolution of its service portfolio;
- Built the cloud services entirely with internal people, drawing staff from the SHI Labs and PS organizations to make it happen.
Cloud Center Solution
- Have targeted the exact opposite end of the marketplace from public cloud providers: mission-critical virtual machines.
- Goal is to deliver VMs of the same quality that subscribers would get from their own IT infrastructure; wanted VMs to be interchangeable across public and private infrastructures.
Key SHI Cloud Design Principles
- Secure – an early design parameter was to place VMs on the customer's own network via VLAN extensions over MPLS or Metro Ethernet:
- SHI has no access to a VM once it is dispatched and cannot see what the customer does inside its VMs;
- Makes the VM more useful: the machine is indistinguishable from on-premise VMs and can be used in the same manner.
- High performance:
- Means using state-of-the-art networking equipment, backed by leading hardware and software technologies, to maximize fabric bandwidth, storage IOPS, and server performance.
- Beta customers report that the VMs they get from SHI are significantly faster than what they get internally.
- Industrial grade:
- No SPOF (single point of failure); HA leveraging vSphere.
- Low-latency SONET and DWDM connections.
- True network redundancy.
- Spent a lot of time building a very robust infrastructure.
Service Types
- Self-service portal:
- Customers upload their own or SHI-supplied VM templates to the portal and execute them on the cloud.
- An API approach is nice, but the surest and easiest way to migrate to the cloud is via standard VM templates.
- Time-boxed burst computing:
- Customers upload templates to address seasonal capacity spikes.
- SHI Cloud Center provisions the VMs from gold images.
- Disaster recovery:
- Upon indication of a disaster, spin up VMs that the customer has configured in advance and restore operations.
Architecture
- Service broken down into vCores (Service Cores): a finite collection of server, storage and switch elements.
- vCores are self-contained physical cloud appliances, optimized for serving VMs.
- vCores can be deployed on-site or within SHI IaaS data centers.
- On-premise vCores are sized to customer demand for VM capacity, with various vCore profiles depending on the number of VMs under management.
- Very easy way to add capacity; each vCore is a standalone unit.
- Managed Private Cloud:
- Private vCore runs directly on the customer site.
- vCore = self-contained server, storage and switching elements.
- Attaches directly to the customer network.
- vCore is managed out of the Cloud Centers via a secure Internet connection.
- The NewScale portal enables a federated cloud: a customer can literally request a vCore on premise, in the cloud, or a combination of both.
- Appears to the customer as a single entity.
- Response to the Managed Private Cloud concept has been well above expectations.
- Can be multi-tenant, but also private/dedicated vCores running only the VMs of a single customer.
Cloud Management Platform
- The brains of the Cloud Center.
- All the software that handles automated provisioning, layered security, and the customer portal.
- Each customer portal is tailored to that customer's needs.
- Handles all monitoring, alarming, and management: anything needed to manage the vCores.
Network Design
- Very network-centric approach: deploy VMs on customer networks via VLAN extensions.
- Needed an architecture that works across Cloud Centers of various sizes.
- Needed a very flexible design.
- HP equipment:
- HP Virtual Connect,
- 10GbE end to end, multi-link trunks for resiliency,
- MPLS and the full 4094 VLANs down to the vCore,
- Needed complete MPLS support, the most common method to deploy VLANs over SONET:
- Needed top-to-bottom VLAN support,
- HP has the greatest VLAN density,
- Current support for expanded VLAN addressing capabilities,
- Across the networking industry, only HP met all these requirements.
- HP IRF = virtualizes multiple switches to appear as one; "very important to us"; significantly reduces the time to fail over to alternate pathways in the event of a switch failure:
- Helped both config simplification and resiliency, "enormously important to us".
- HP "A" Series switches:
- 12000 series switches as the base network backbone,
- 5820s are the networking elements directly associated with the service cores,
- Provide spectacular bandwidth for VMs,
- Lots of cloud providers go cheap on this component; SHI's approach is fundamentally different, it wants ultra-high resiliency:
- No whitebox, freeware, or shareware anywhere in this solution.
- Logical architecture:
- Use the Virtual Connect capability of the C7000; "in reality it is a switch".
- Allows extremely good isolation between customers in the multi-tenant cloud.
- vCore network:
- Designed for horizontal (east-west) traffic within the vCores.
- HP IRF enables two physical switches to be managed as one logical switch.
- Virtual switches make capacity expansion much more straightforward than a more traditional approach.
- Cloud Center network:
- MPLS over SONET, plus IPsec VPN.
- Also provide Internet access to the Cloud Center for trials, or for customers who are not as bandwidth- or latency-sensitive.
- In the DR model, where a customer loses its data center and its Internet connectivity, it can use SHI's Internet access.
- Internet access is provided both over SONET and via a Metro Ethernet cable provider.
- WAN connectivity:
- Can link SONET rings from other areas.
- 1GbE and 10GbE point-to-point Ethernet and Internet.
- Focused on latency over anything else; many more applications struggle with latency than with bandwidth, so this was the first priority.
- Two networks totally independent of each other, so that if one goes down it will not impact operation of the other.
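The network design above rests on carrying each customer's VLANs all the way down to the vCore and keeping tenants apart by VLAN tag. As an added example (not part of the original notes, and not the behaviour of any HP or SHI component), the Go program below parses the 802.1Q tag stack of an Ethernet frame and applies the kind of per-tenant admission check a tenant-facing trunk needs in a multi-tenant VLAN-extension design: the 12-bit VID field reserves 0 and 4095, which is where the 4094 figure comes from; a frame must carry exactly one tag; and that VID must be one assigned to the tenant. The frames, the tenant policy and the VID assignments are constructed sample data.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Ethertypes and VID bounds for IEEE 802.1Q tagging. The 12-bit VID field
// reserves 0 (priority-tagged, no VLAN) and 4095, leaving 4094 usable IDs.
const (
	EtherTypeVLAN = 0x8100 // 802.1Q customer tag
	EtherTypeQinQ = 0x88A8 // 802.1ad service tag (outer tag of a QinQ stack)
	minVID        = 1
	maxVID        = 4094
)

// Tag is one parsed tag: TPID plus the PCP/DEI/VID fields of the 16-bit TCI.
type Tag struct {
	TPID uint16
	PCP  uint8
	DEI  bool
	VID  uint16
}

// Frame holds the tag stack found on a frame and the payload Ethertype after it.
type Frame struct {
	Tags      []Tag
	EtherType uint16
}

// ParseFrame skips dst/src MAC, then consumes tags until a non-tag Ethertype.
func ParseFrame(b []byte) (Frame, error) {
	f, off := Frame{}, 12 // two 6-byte MAC addresses precede the first Ethertype
	for {
		if len(b) < off+2 {
			return Frame{}, errors.New("frame truncated before Ethertype")
		}
		et := binary.BigEndian.Uint16(b[off:])
		if et != EtherTypeVLAN && et != EtherTypeQinQ {
			f.EtherType = et
			return f, nil
		}
		if len(b) < off+4 {
			return Frame{}, errors.New("frame truncated inside VLAN tag")
		}
		tci := binary.BigEndian.Uint16(b[off+2:])
		f.Tags = append(f.Tags, Tag{TPID: et, PCP: uint8(tci >> 13), DEI: tci&0x1000 != 0, VID: tci & 0x0FFF})
		off += 4
	}
}

// TenantPolicy is the set of VLAN IDs assigned to one tenant's trunk (constructed for this example).
type TenantPolicy struct {
	Allowed map[uint16]bool
}

// Admit returns the VID a frame may be forwarded on, or an error saying why it is dropped:
// exactly one tag, VID within 1..4094, and the VID must belong to the tenant.
func (p TenantPolicy) Admit(b []byte) (uint16, error) {
	f, err := ParseFrame(b)
	if err != nil {
		return 0, err
	}
	if n := len(f.Tags); n != 1 {
		return 0, fmt.Errorf("expected exactly one tag, got %d", n)
	}
	vid := f.Tags[0].VID
	if vid < minVID || vid > maxVID {
		return 0, fmt.Errorf("reserved VID %d", vid)
	}
	if !p.Allowed[vid] {
		return 0, fmt.Errorf("VID %d not assigned to tenant", vid)
	}
	return vid, nil
}

// buildFrame constructs a sample frame: dummy MACs, one 0x8100 tag per VID, IPv4 Ethertype.
// It is constructed test data, not captured traffic.
func buildFrame(vids ...uint16) []byte {
	b := make([]byte, 12, 12+4*len(vids)+2)
	for i := range b {
		b[i] = 0x02
	}
	for _, vid := range vids {
		var tag [4]byte
		binary.BigEndian.PutUint16(tag[:], EtherTypeVLAN)
		binary.BigEndian.PutUint16(tag[2:], vid&0x0FFF) // PCP 0, DEI 0
		b = append(b, tag[:]...)
	}
	return append(b, 0x08, 0x00)
}

func main() {
	policy := TenantPolicy{Allowed: map[uint16]bool{100: true, 200: true}}
	for _, fr := range [][]byte{buildFrame(100), buildFrame(300), buildFrame(4095), buildFrame(), buildFrame(100, 300)} {
		vid, err := policy.Admit(fr)
		fmt.Printf("vid=%d err=%v\n", vid, err)
	}
}
```

Double-tagged frames are refused outright rather than having the outer tag stripped: a device that pops the outer tag and forwards on the inner one would let a tenant place traffic on a VLAN it was never assigned. The check is a network-layer control only; it governs which tenant traffic the trunk accepts, which is the boundary the VLAN-extension design relies on.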
Vendor/Equipment Usage
- Use a large amount of the HP software stack, primarily Opsware as the core for provisioning virtual machines and automation.
- Use HP CMDB as the central database for customer configuration data.
- Use HP Operations Manager as the single pane of glass.
- Use Network Node Manager.
- Use NewScale for portal technology.
- Use McAfee for IPS.
- Encryption of all data at rest via Brocade encryption switches.
- Use RSA for encryption key management.
- Customer interface is through the NewScale portal.
- SHI has written the software that integrates all these components; this is where its differentiation lies.
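Pairing a data-path encryption device with a separate key manager, as the last two vendor choices above do, implies an envelope-encryption design: bulk data is encrypted on the storage path with per-object data-encryption keys (DEKs), while the key-encryption keys (KEKs) that protect those DEKs live only in the key manager. As an added example (not part of the original notes, and not Brocade's or RSA's actual protocol or APIs), the Go program below shows that pattern end to end, including the property that makes it operationally useful: destroying a KEK renders every object encrypted under it unrecoverable. KeyManager, the "tenant-a" identifier and the sample record are constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// randomBytes draws n bytes from crypto/rand; a failure of the system RNG is not recoverable.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// aead builds AES-256-GCM; every key here is 32 random bytes, so an error is a programming bug.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// seal encrypts with a fresh random nonce prepended to the output; aad is authenticated, not encrypted.
func seal(g cipher.AEAD, plaintext, aad []byte) []byte {
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal and fails on any change to nonce, ciphertext, tag or aad.
func open(g cipher.AEAD, ct, aad []byte) ([]byte, error) {
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], aad)
}

// KeyManager is a constructed stand-in for an external key manager: it holds KEKs and only wraps or unwraps DEKs.
type KeyManager struct{ keks map[string]cipher.AEAD }

func NewKeyManager() *KeyManager { return &KeyManager{keks: map[string]cipher.AEAD{}} }

// CreateKEK installs a random 256-bit KEK under id. Destroy deletes it, after which every DEK
// wrapped under it, and so every object encrypted with those DEKs, is unrecoverable (crypto-erase).
func (km *KeyManager) CreateKEK(id string) { km.keks[id] = aead(randomBytes(32)) }
func (km *KeyManager) Destroy(id string)   { delete(km.keks, id) }

// Wrap encrypts a DEK under the named KEK, binding the KEK id as associated data.
func (km *KeyManager) Wrap(id string, dek []byte) ([]byte, error) {
	g, ok := km.keks[id]
	if !ok {
		return nil, fmt.Errorf("unknown or destroyed KEK %q", id)
	}
	return seal(g, dek, []byte(id)), nil
}

// Unwrap recovers a DEK; it fails once the KEK has been destroyed.
func (km *KeyManager) Unwrap(id string, wrapped []byte) ([]byte, error) {
	g, ok := km.keks[id]
	if !ok {
		return nil, fmt.Errorf("unknown or destroyed KEK %q", id)
	}
	return open(g, wrapped, []byte(id))
}

// Encrypt is the data-path side: a fresh DEK per object, bulk encryption done locally, and only the
// 32-byte DEK handed to the key manager. What lands on disk is the wrapped DEK plus the ciphertext.
func Encrypt(km *KeyManager, kekID string, plaintext []byte) (wrappedDEK, ciphertext []byte, err error) {
	dek := randomBytes(32)
	if wrappedDEK, err = km.Wrap(kekID, dek); err != nil {
		return nil, nil, err
	}
	return wrappedDEK, seal(aead(dek), plaintext, []byte(kekID)), nil
}

// Decrypt unwraps the DEK through the key manager, then decrypts locally.
func Decrypt(km *KeyManager, kekID string, wrappedDEK, ciphertext []byte) ([]byte, error) {
	dek, err := km.Unwrap(kekID, wrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(aead(dek), ciphertext, []byte(kekID))
}

func main() {
	km := NewKeyManager()
	km.CreateKEK("tenant-a") // constructed KEK identifier
	wrapped, ct, _ := Encrypt(km, "tenant-a", []byte("constructed sample record"))
	km.Destroy("tenant-a")
	_, err := Decrypt(km, "tenant-a", wrapped, ct)
	fmt.Println("decrypt after crypto-erase:", err) // fails: the KEK is gone
}
```

The key manager never sees plaintext or bulk ciphertext, only 32-byte DEKs, which is what lets the encryption sit in the storage fabric while key custody stays elsewhere; binding the KEK id as associated data also stops a wrapped DEK from being replayed under a different KEK's name.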