DES Virtualization

IPMA Briefing 2012

A New Opportunity - DES

• Legislative mandate to consolidate 5 agencies into DES

• Consolidate support to DES and support 2 existing agencies and 1 new agency

• IT support responsibility includes OFM, Governor’s Office and CTS

• Challenges abound – disparate storage, duplicate applications, redundant infrastructure, firewall separation

DES at InceptionInternet

SGN

R

R

R

R

R

Enterprise Applications

SSV FirewallCurrent DES Issues:- Isolated- A2A Traffic over SGN- Firewall obstruction- Conf Rm to agency logon via SGN

DES Current StateNetwork Consolidation Status 10/5/11

DRAFT

d

GOV Workstations

d

GA Workstations

d

DOP Workstations

d

CR Workstations

d

DIS Workstations

d

CTS Workstations

d

Dept of PrintingWorkstations

d

OFM Workstations

Print

File/App/Web

File/App/Web

File/App/Web

File/App/Web

File/App/Web

DES FirewallCTS FirewallDOP FirewallGA FirewallOFM Firewall

OFM AD

DOP ADGA AD

PRT AD

DIS ADDomains

By the Numbers…

• DES as new agency October 1st, 2011– 345 servers, 63% virtualized– VMware was primary platform– 3 SAN enabled virtual farms

Virtual Objectives

• Consolidate hardware in single “vFarm”• Extend layer 2 to virtualize existing pre-

DES agency infrastructures• Support “come as you are” vDC to

expedite virtualization and consolidation• Build new DES branded virtual data center

topology for DES services eClient and eApp

Virtual Data Centers…

DES Future Services

DCwa.lcl DC

wa.lclwa.lcl

eClient.wa.lcl eApp.wa.lcl

vDCeClient.wa.lcl

vDCeApp.wa.lcl

DCeClient.wa.lcl

vDCeClient.wa.lcl

DCeApp.wa.lcl

DCeApp.wa.lcl

vDCeApp.wa.lcl

Users

d

Workstations

File&Print

Mgmt Demarcation

CTS provisioned domain / CTS-DES shared

ownership / admin

DES provisioned services / DES administration

App/Web/SQLApp/Web/SQL

Shared Admin Domain ModelDRAFT 1/27/12

eClient & eApp Domains Washington StateAD Forest wa.lcl

DCeClient.wa.lcl

Present Virtual Work

• Virtualize 93 more servers to hit 90%• Migrate 3 ESX farms to 1 shared farm• Scale to support anticipated Windows

server growth of 7 – 10% per year• Build out network to support enterprise

services and desired efficiency

DES Shared Virtual Platform

• VMware ESX4i• HP DL380 G7 rackable servers• RAM (lots of it)• EqualLogic iSCSI storage• Licensing at the processor level• More RAM!

* RAM is always limiting factor

Storage

• iSCSI based 1GB I/F ethernet storage• 89.24 TB of RAID50 SAS & SATA disk• 16% in near term snapshots• Thin provisioned, over provisioned• Replicated to TierPoint data center• Fully virtualized

Layer 2 Extensions enabled…

• Virtualize “in place” – no change for existing applications

• Built-in backup / recovery– vRanger immediately picks up new guests

• Shared storage scalability– Growth accommodated at multi-agency level

• Operational mgmt by designated leads– Spread vFarm mgmt to key leads with

appropriate training

Layer 2 “Extended”

Virtual Console

• Virtual Console roles– Resource Pool Admin– Resource Pool Server Admin

• Attempted “linked consoles”– End client still needs direct access to primary

console

• Jumpbox model– RDP to console, run locally with pre-DES AD

accounts set to virtual Data Centers

VMware Converter

• VM converter “needs”– Virtual Console enabled guest within each

pre-DES network– Migration host with kernal (ip) on each client

network– No affinity during transition to invidual VM

host

Security

• pre-DES agencies had different security policies and data risks

• New security team and unified strategy at DES key enabler

• Building to support security spectrum– vLAN separation– vSwitch separation– vFirewall security & audit

Why Virtualize? Story 1

• AFRS Data Warehouse– Problem: Existing DW is operating 2

Windows 2003 x64 servers with SQL Server 2005 and team wants to migrate to Windows 2008 R2 x64 with SQL Server 2008 R2 Enterprise. Migration of data and transition is expected to take in excess of a month.

– Server 1: 2.85 TB of storage on 3 SAN volumes F, G, H– Server 2: 1.65 TB of storage on 2 SAN volume F, G

Why Virtualize? Story 2

• ERDC P20 Data Warehouse– Problem: The new P20 Data Warehouse for

the Economic Research & Development Council (ERDC) needed the ability to “recover” a full infrastructure platform (QA, DEV, Sandbox or Prod) to any given day / week in recent history.

Lessons Learned

• Cross train early and often• Change management and disciplined approach• Keep capacity for maintenance (n+1+ a little more)• Script configurations wherever possible for consistency

(powershell or ???)• Don’t assume – validate throughput, monitor links for even

load distribution, etc. (Windows perfmon, VMware esxtop, switch CLI)

• Don’t underestimate RAM and storage• Have your customers tout your success (nothing sells your

service more than a happy customer)• Patience – build in quality rather than rework

Questions