Campus Virtualization Update
Laurie Collinsworth, 1/25/2012
CIT’s Managed Servers
[Figure: Physical to Virtual Comparison. Series: Physical, VMs. Horizontal axis: Jun 07 to Dec 11 in six-month steps; vertical axis: 0 to 1400.]
• Campus Virtualization Initiative started in April 2011
• Increase in VMs since April 2011 is 386, ~50/month
• Decrease in physical servers since April is 38, ~5/month
  – ~50 retirements
  – ~15 new servers (e.g. Oracle RAC, Email routers, FIM)
Blade Center in Rhodes Hall
CIT’s Virtualization Progress
• Identity Management: 59 VMs, all Extra Tier
  – Virtualized apps: AD Certificate Service Quest Migration Radius Kproxy/WebDAV Enterprise Directory Permit Service Web Services
• Cold Fusion Hosting: 180 VMs for CF9
  – Redundant, load balanced (e.g. cornell.edu on 8 VMs)
  – 55 websites, 78 test and dev sites
• Kuali: 60 VMs, multiple JVMs per VM
  – Horizontal scaling
• Black Board: 14 VMs for Version 9
  – Architecture stress tested before each new release
• Kronos: 12 VMs
• LAMP Hosting: 50 VMs for LAMP 2.0
CIT’s Moves to Cloud (Software as a Service)
• Current cloud apps
  – Gmail
  – Box.net (pilot)
  – Campfire (CIT incident response)
• Planned migration
  – OnDemand Remedy
  – WorkDay
  – CIT effort/time tracking (internal)
• Investigations
  – As applications are designed or upgraded, time is taken to see if SaaS or out-sourcing is a viable option.
Hurdles to Virtualization
• AD Migration – in progress
• Licensing – cost factor, OS level requirements
• Services scheduled to be retired or replaced
• Mainframe printing
• Oracle WebLogic
• Prioritizing of staff to migrate applications
• Typically applications are upgraded as servers are replaced, not all at once.
• Consultants configure applications and leave.
• Staff reassignments or reductions
Non-supported Applications
• Hyper-V, Xen Desktop, ESX
• Domain Controllers, DNS, DHCP
• VPN, Firewalls, network scanners
• Cpanel and other system and network management software
• Virtual appliances
• Grey area: User “landing” machines really need a separate security level within the datacenter (e.g. logging onto a server to run user apps such as mail and browsing the internet).
Enablers for Virtualization
• AD Migration – in progress
• VM typically faster if physical server >2 yrs old
• Self-serve VM provisioning
• Self-serve CNAME creation
• Monitoring and Reporting
• Projects for PCI & off-site DR
• Documentation
Self-Serve for Service Groups
• Available since Oct 12, 2011
• 8 Service Groups configured
  – CIT–Infrastructure, Facilities, Forest Home, Library
  – SAS, CALS, Arts & Sciences, COECIS
• 30 authorized requestors
• 63 provisioned VMs (50 Windows, 13 Linux)
• https://vmselfserv.serverfarm.cornell.edu/
• http://sysdocs.cit.cornell.edu/twiki/bin/view/Documentation/VmSelfServForCustomers
Self-serve Configurations
• Pre-configuration for Service Groups
  – Service group, authorized requestors, approvals
  – Predefined projects, accounts, destination networks
  – Network size, network firewall, load balancer, ACLs
  – Default server administrators, local firewall
  – Windows: default Active Directory OU and domain-based policies
  – Linux: default Cfengine class and SFAM role(s)
  – Predefined name: sf-agoit-001.serverfarm.cornell.edu
  – Web page options: vCPU, Memory, filespace, C4C
New DNSDB feature
• Available since Nov 10, 2011
• Netadmins of a DNS domain name can create CNAMEs without owning the target name or IP space.
• http://dnsdb.cit.cornell.edu/dnsdb-cgi/batch.pl
• addcname myfiles.cals.cornell.edu sf-agoit-001.serverfarm.cornell.edu
• addcname myotherfiles.cals.cornell.edu cloudhost001.providor.com
Monitoring and Reporting
• From the ground up we monitor:
• Power and cooling
• Key-card door access
• SAN storage arrays and network equipment
• Ethernet network equipment
• HP Chassis, blades, temperature
• VMware environment (ESX hosts)
• OS level environment (CPU, Memory, I/O, filesystem usage)
• Registered applications (web, db, ldap, etc.)
Foglight monitors VMware
Opsview monitors the OS level parameters and handles traps
Projects for PCI and off-site DR
• PCI hardware in-house and racked
• Geneva router to be upgraded
• DR hardware in design phase
http://www.it.cornell.edu/cms/services/managed_servers/options/vmware/index.cfm
http://www.it.cornell.edu/cms/services/managed_servers/faq.cfm
Resources
• Infrastructure Virtualization Initiative
  – http://www.cit.cornell.edu/about/projects/virtual/