Campus Virtualization Update Laurie Collinsworth 1/25/2012
CIT’s Managed Servers
- Campus Virtualization Initiative started in April 2011
- Increase in VMs since April 2011 is 386, ~50/month
- Decrease in physical servers since April is 38, ~5/month
  – ~50 retirements
  – ~15 new servers (e.g. Oracle RAC, routers, FIM)
Blade Center in Rhodes Hall

CIT’s Virtualization Progress
- Identity Management
  – 59 VMs, all Extra Tier
  – Virtualized Apps: AD Certificate Service Quest Migration Radius Kproxy/WebDAV Enterprise Directory Permit Service Web Services
- Cold Fusion Hosting
  – 180 VMs for CF9
  – Redundant, load balanced (e.g. cornell.edu on 8 VMs)
  – 55 websites, 78 test and dev sites
- Kuali
  – 60 VMs, multiple JVMs per VM
  – Horizontal scaling
- Black Board
  – 14 VMs for Version 9
  – Architecture stress tested before each new release
- Kronos
  – 12 VMs
- LAMP Hosting
  – 50 VMs for LAMP 2.0
CIT’s Moves to Cloud (Software as a Service)
- Current cloud apps
  – Gmail
  – Box.net (pilot)
  – Campfire (CIT incident response)
- Planned migration
  – OnDemand Remedy
  – WorkDay
  – CIT effort/time tracking (internal)
- Investigations
  – As applications are designed or upgraded, time is taken to see if SaaS or out-sourcing is a viable option.
Hurdles to Virtualization
- AD Migration – in progress
- Licensing – cost factor, OS level requirements
- Services scheduled to be retired or replaced
  – Mainframe printing
  – Oracle WebLogic
- Prioritizing of staff to migrate applications
- Typically applications are upgraded as servers are replaced, not all at once.
- Consultants configure applications and leave.
- Staff reassignments or reductions
Non-supported Applications
- Hyper-V, Xen Desktop, ESX
- Domain Controllers, DNS, DHCP
- VPN, Firewalls, network scanners
- Cpanel and other system and network management software
- Virtual appliances
- Grey area: User “landing” machines really need a separate security level within the datacenter (e.g. logging onto a server to run user apps such as mail and browsing the internet).
Enablers for Virtualization
- AD Migration – in progress
- VM typically faster if physical server >2 yrs old
- Self-serve VM provisioning
- Self-serve CNAME creation
- Monitoring and Reporting
- Projects for PCI & off-site DR
- Documentation
Self-Serve for Service Groups
- Available since Oct 12, Service Groups configured
  – CIT–Infrastructure, Facilities, Forest Home, Library
  – SAS, CALS, Arts & Sciences, COECIS
- 30 authorized requestors
- 63 provisioned VMs (50 Windows, 13 Linux)
mentation/VmSelfServForCustomers
Self-serve Configurations
- Pre-configuration for Service Groups
  – Service group, authorized requestors, approvals
  – Predefined projects, accounts, destination networks
  – Network size, network firewall, load balancer, ACLs
  – Default server administrators, local firewall
  – Windows: default Active Directory OU and domain-based policies
  – Linux: default Cfengine class and SFAM role(s)
  – Predefined name: sf-agoit-001.serverfarm.cornell.edu
  – Web page options: vCPU, Memory, filespace, C4C
New DNSDB feature
- Available since Nov 10, 2011
- Netadmins of a DNS domain name can create CNAMEs without owning the target name or IP space.

    addcname myfiles.cals.cornell.edu sf-agoit-001.serverfarm.cornell.edu
    addcname myotherfiles.cals.cornell.edu cloudhost001.providor.com
Monitoring and Reporting
From the ground up we monitor:
- Power and cooling
- Key-card door access
- SAN storage arrays and network equipment
- Ethernet network equipment
- HP Chassis, blades, temperature
- VMware environment (ESX hosts)
- OS level environment (CPU, Memory, I/O, filesystem usage)
- Registered applications (web, db, ldap, etc.)

Foglight monitors VMware
Opsview monitors the OS level parameters and handles traps
Projects for PCI and off-site DR
- PCI hardware in-house and racked
- Geneva router to be upgraded
- DR hardware in design phase
Resources
Infrastructure Virtualization Initiative –