Converging network with HP FlexFabric and FlexManagement

This week, we shine the spotlight on network convergence and management in the FlexNetwork portfolio, specifically the HP Virtual Connect FlexFabric modules and the Intelligent Management Center (IMC) software. Networking is generally not my forte, so some of this is a stretch for me, but I use and understand Virtual Connect. FlexFabric is an implementation of Virtual Connect, while IMC has been branded as FlexManagement in the portfolio and is used to encompass management for all of the FlexNetwork portfolio.

Some Basics on Virtual Connect

FlexFabric is a particular type of Virtual Connect module and fits into the FlexNetwork portfolio.  Virtual Connect attempts to address many problems, but primarily it is about reducing the amount of physical wiring and switch ports required to cable a blade system, about reducing human-caused errors due to complex cabling, and about adding the ability to pre-wire the entire enclosure for life and pre-allocate all Ethernet and SAN requirements during first install.

The major selling point of Virtual Connect is the ability to virtualize the network MAC addresses and the Fiber Channel worldwide names/ID (WWID). Virtual Connect allows server profiles to be built and assigned to blade hardware, and then provides the ability to move a profile from physical blade to physical blade without the need for reconfiguration. The virtualized WWID and MAC addresses are used instead of the physically assigned addresses provided by the manufacturer.

When first introduced, Virtual Connect (VC) existed as separate Ethernet and Fiber Channel modules. Installed in pairs, each VC module is physically “wired” through a mid-plane to specific blade server ports. Both the Ethernet and Fiber Channel pairs share a 10Gb “cross connect” connection on the backplane, which allows the modules in each pair to talk to each other and pass traffic to uplinks from each blade port, even if the uplink is on the other module. The cross connects also allow for rerouting traffic to the other interconnect bay should an upstream network switch lose connection or become isolated.

Incremental Advancements

The first enhancement for Virtual Connect came with the introduction of Flex-10 technology in 2009, which took a 10Gb LAN on Motherboard (LOM) network interface and split it into 4 FlexNICs, with the ability to set a fixed amount of bandwidth per FlexNIC. Each FlexNIC is presented to the operating system on the blade as a separate NIC.

Covered in the call last week, the newest innovation in Virtual Connect technology is the ability to condense both Fiber Channel and Ethernet onto a single set of interconnect modules, known as FlexFabric modules. FlexFabric allows the FlexNICs to present either 3 NICs and 1 FCoE (Fiber Channel over Ethernet) converged port to a server or 4 NICs (like the previous Flex-10), depending on server need. The FlexFabric module removes the need for separate Fiber Channel adapters in a mezzanine slot on a blade and instead uses a Fiber Channel over Ethernet converged LOM. From the FlexFabric interconnect module, Fiber Channel uplinks are sent to the Fiber Channel switches and the traditional Ethernet uplinks are sent to network switches. As the name implies, the ports are flexible and each of the SFP ports is capable of running Ethernet or Fiber Channel uplinks.

With any new technology, practices for security and monitoring must change and adapt to the innovation.  In general, security integration appears to be an afterthought in many cutting edge enhancements, taking VMware for example.  VMware is the most common example when we think of virtualization technology, but when virtual switching was first implemented, there was no way to view inter-VM traffic that never left the host.   In many cases, administrators were faced with a black box making it impossible to monitor, inspect or halt malicious traffic.

With Virtual Connect, some of the same issues apply, but HP has offered at least one solution to administrators and security officers. HP’s Virtual Connect technology does allow for a network mirror port, which can replicate all traffic out for inspection. Even traffic that never leaves the enclosure, because of the way Virtual Connect is implemented, can therefore be inspected and alarms raised accordingly. It may not be as good as an in-line security solution that can actively block malicious traffic, but at least administrators can gain visibility.

A More Intelligent Way to Manage Network Infrastructure

As part of our call last week, we were also shown HP’s Intelligent Management Center, or IMC. This is control and monitoring software for heterogeneous switches and routers in the datacenter, all from a single, common interface. IMC is an impressive offering from HP, which gives network administrators a single interface to learn in order to provision all of their switches. With a hardware compatibility list of over 5,000 devices, IMC is a capable platform to control your HP, Cisco and other vendors’ network gear.

IMC addresses the problem of swivel chair management where administrators must monitor multiple, vendor-provided management products for each different vendor or product line represented in your datacenter.  But even for a company that has standardized on non-HP network gear, IMC is a powerful interface that can be put to work for them for more than just monitoring and management.

IMC has a module that can be added in for user access management (UAM), which can centralize user accounts with a full-featured RADIUS server that can be used for 802.1X, VPN, and wireless authentication. In addition, the UAM module adds features to lock down and secure corporate devices by preventing IP and user account spoofing and preventing address conflicts. The same package can also be used to lock down corporate PCs to prevent use of USB and external storage devices. Another module that plugs into IMC is Endpoint Admission Defense, which can be used to apply policy controls to clients and ensure that devices on the network are safe for the network, patched and have up-to-date antivirus definitions.

IMC provides a great view into virtualized networking (as in VMware) and can monitor the virtualized networking to a very granular level. It exposes what has been a black box of virtual networking using vendor-provided APIs. At present, IMC supports VMware and Hyper-V but will grow to include XenServer and KVM in 2012, if things go as planned.

Recap

All in all, the entire series for the Blogger Reality Show has focused on ways to converge infrastructure for simplicity and ease of management. Each of the HP offerings approaches convergence on different sections of the IT puzzle. In HP’s product line, we have seen the basic building blocks of convergence with servers and the BladeSystem, we have seen converged storage solutions built on x86 hardware, we have seen these solutions built into larger solutions for virtualization and cloud, and finally we have investigated the solutions HP has to converge and manage networking.

The Reality Show has been a very cool thing to take part in. From a blogging perspective, it has been very cool to get judges’ feedback and to learn and stretch myself by trying new ways to promote the blog and posts. The winner will be named next week at VMworld and I’ll try to post an expanded post about the contest after we wrap next week. So, now it is your turn again… Vote and comment.

This is the third and final post for Thomas Jones’ Blogger Reality Show sponsored by HP and Ivy Worldwide. I ask that readers be as engaged and responsive as possible during this contest.  I would like to see comments and conversations that these entries spark, tweets and retweets if it interests you and I also request that you vote for this entry using the thumbs up/thumbs at the top of this page.  As I said earlier, our readers play a large part in scoring, so participate in my blog and all the others!

Simplifying IT support and deployments with converged systems

All IT solutions will experience problems at some point in their life. Supporting IT solutions is difficult, time-consuming and costly, but also a fact of life – a fact that, as a systems administrator, I am thankful for. It means I have a job. Problem-solving skills are absolutely necessary, but all administrators need the expert help of vendors’ support departments when our knowledge runs into something we just don’t know.

Unfortunately, when multiple vendors’ products are coupled together as a solution, support can become nasty as vendors point back and forth at each other while trying to get to a resolution.  The more complex the solution, for instance a SAN, the more difficult to troubleshoot through the multiple layers of software, firmware and hardware, even multiple vendors of the solution.  And, I believe, the hassle has made customers seek a better way.

Finding a better way

In my employer’s case, they chose to standardize with a single vendor long before I joined the staff.   We have stuck with servers and storage hardware from the single vendor, including their certified part upgrades (no third party upgrade components).  We chose to do this to simplify our support and avoid finger-pointing.

The vendor we standardized with was HP, and the reason was that they offered an entire line of products under their umbrella to meet our needs.  By the time I joined the staff in 2006, we were already HP heavy, except where a specific Unix was required by another vendor.   What we wanted as a customer was the quickest and easiest route  to a resolution, with the least resistance and finger-pointing, when a problem came up.  Even beyond the hardware solutions, HP has handled our software support for Microsoft, RedHat and VMware for many years.  We wanted this because the software companies could not finger point at the hardware or vice versa – HP was doing it all.  Sure, it might happen between teams in HP occasionally, but we could easily escalate our case and have a manager bring this to a resolution.  It has worked well for our needs.

Having all this expertise in-house is an advantage that HP is now branding under the name “Converged Systems” or the “Instant-On Enterprise”. Earlier this week, I attended a webinar for the Blogger Reality Contest where HP unpacked more of its converged solutions strategies. HP is bringing together all of the pieces spread throughout its portfolio into specialized solutions. It’s not a new concept, in my opinion, but one that some customers have been already using for years on their own. HP has improved on this by tweaking configurations to squeeze out performance and adding software to ease installation and management of the solutions.

Building Upwards – HP VirtualSystem

HP introduced VirtualSystem in June as a modular, easy and quick way to implement virtualization in customer datacenters.  The VirtualSystem solution is a full package of storage and compute resources plus the software tools to quickly and easily deploy a virtual stack in an environment.

For HP VirtualSystem, the key benefits are:

  • Quick build-out timeframe
  • Automation through Insight Control suite components
  • Monitoring through the Insight Dynamics suite components
  • Improved virtual machine performance, cost and scale due to purpose built hardware
  • Ability to upgrade to CloudSystem for fully automated IT
  • Single point of contact for support – HP for compute, storage and software, including hypervisor

HP VirtualSystem comes in 3 levels (shown below). The VS1 is built out using rack-mount ProLiant hardware for both the server hosts and the storage, and features a P4000 series iSCSI storage array. It is rated to handle up to 750 virtual machines and can scale up to 8 physical hosts. The VS2 is built out using HP BladeSystem with a P4800 iSCSI storage array (covered in depth last week). It is rated for up to 2500 virtual machines and can scale up to 24 physical hosts. The third offering is the VS3, which is built on HP BladeSystem and the 3PAR Utility Storage platform to provide ultimate scale and performance. VS3 introduces fiber channel storage capability and scales up to 6000 virtual machines with up to 64 hosts.

In terms of choice, VirtualSystem supports all three major hypervisors from VMware, Microsoft and Citrix.  Using my company as an example again, the multi-hypervisor datacenter already exists.  We are utilizing VMware vSphere heavily and then some Citrix XenServer.  When it came to planning upgrades for our aging MetaFrame/XenApp farm, we looked at virtualization.  As we evaluated XenServer, we found it to be “good enough” for running Citrix XenApp on top of it.  XenApp has its own failover and redundancy built into the application layer, so many of the VMware advanced features did not matter.

For VirtualSystem, HP is also handling all support for both the hardware and software for these solutions. Having experience with HP’s software support teams, I can report that they do a good job at it. I would not say they are always perfect, but in general, they have solved our issues and advised us well, so in reality this is a big benefit. For those who want not only break/fix support, HP offers Proactive 24 Services for an additional level of preventative support.

Building to the cloud – HP CloudSystem

As I learned at HP Discover, just because you have a large virtualization pool in your datacenter does not mean you have a private “cloud.”  The critical difference between a virtual infrastructure and a cloud is orchestration and automation.  Built on top of HP VirtualSystem, HP CloudSystem is a solution that offers all of the necessary orchestration, service catalog and workflows to turn virtual infrastructure into a true cloud.  There is a clear and clean upgrade path from VirtualSystem into CloudSystem.  And for those starting fresh or who want to evaluate the HP solution, there is even an HP CloudStart service which will deliver a rack with CloudSystem into their datacenter and have it fully operational in 30 days or less.

CloudSystem is offered in three levels: CloudSystem Matrix, CloudSystem Enterprise and CloudSystem Service Provider. CloudSystem Matrix is targeted towards those looking to automate the private cloud, customers who are looking to add automation and orchestration to their existing virtual systems. It provides infrastructure as a service (IaaS) and basic application provisioning in minutes. CloudSystem Enterprise extends upon Matrix and allows for private and hybrid cloud, enabling the bursting of workloads to public cloud. It is a platform for hosting not only IaaS, but also Platform as a Service (PaaS) and Software as a Service (SaaS). CloudSystem Enterprise provides application and infrastructure lifecycle management and allows for management of traditional IT resources in addition to virtualized resources. The CloudSystem Service Provider edition extends upon the Enterprise edition and allows for multiple tenants on a single infrastructure, securely, without exposing customer data between customers. It is intended to host public and hosted private clouds for customers. The editions in CloudSystem are more about capabilities and less about limits, compared to VirtualSystem.

Since automation and orchestration is the key of CloudSystem, that is where I wanted to focus.  The base of CloudSystem is the Matrix Operating System, which is the same combination of HP software found in the HP VirtualSystem solution.  On top of the Matrix Operating System, the CloudSystem Matrix solution includes Cloud Service Automation for Matrix.  This software includes Server Automation for lifecycle management for physical and virtual assets via a single portal and set of processes and HP SiteScope, an agent-less monitoring solution for performance and availability.

The enterprise and service provider editions include a beefed-up version called, simply, Cloud Service Automation. It includes the entire orchestration, database and middleware automation pieces of the pie and cloud controller software. These additional pieces allow not only the automatic and streamlined provisioning of physical and virtual servers but also the provisioning of the required glue that sits in between the apps and the servers. The diagram below from HP shows all the moving parts of Cloud Service Automation better than I can explain in words. And because Cloud Service Automation is total lifecycle management, there are the pieces for monitoring and performance management which would be needed. In addition, the centralized portals serve as a point for both end users and IT professionals to manage the cloud.

Cloud Maps are another feature of CloudSystem: predefined automation workflows for deploying software and platforms easily. They are the piece of the puzzle that allows for improved deployment times, and they also allow for drag-and-drop creation of new workflows and processes in the cloud. HP has worked with its software partners to create these maps of requirements and automate the process of deploying their solutions.

Beyond all of the capabilities, HP is working hard to make this an open solution by making it able to burst workloads into third-party clouds, whether it’s Amazon’s EC2 or a vCloud service provider. This was a point stressed during the announcements at HP Discover and during the call on Tuesday.

This is post number two for Thomas Jones’ Blogger Reality Show sponsored by HP and Ivy Worldwide. I ask that readers be as engaged and responsive as possible during this contest.  I would like to see comments and conversations that these entries spark, tweets and retweets if it interests you and I also request that you vote for this entry using the thumbs up/thumbs at the top of this page.  As I said earlier, our readers play a large part in scoring, so participate in my blog and all the others!

This isn’t the first time I’ve written about CloudSystem.  In June,  I posted about my take on CloudSystem Service Provider from a potential service provider’s perspective.  I encourage you to take a look at that post, too, after you take a minute to comment and/or vote on this post.