ITANA,

I wanted to ask the group a couple of questions regarding Private Cloud architecture.

1. How many institutions are using VM provisioning and some form of Private Cloud to provision servers to Academic departments, distributed IT groups, Students?

2. Do you use a single flat cloud, deploying any type of VM (ex. ERP Web Application Server, Student accessible database server for a class, Web/Database systems for publishing research data) without concern for where the workloads physically reside? Or, do you have some physical partitioning of VM servers, say a farm for public services, a separate one for sensitive data, another for academic uses, etc.?

3. If you partition in some way at the physical server level do you follow that pattern at the network level, i.e. only make VLANs carrying like security level data available to farm components that process that security level (academic systems) or have specific network exposure (Internet exposed systems)?

We’re re-visiting our VM architecture and are seeking out the current trend on what level to partition, if at all. Any thoughts would be greatly appreciated.

Thanks,

Bob Winding
University of Notre Dame

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Hi Bob,

My responses below, I'm happy to answer further questions on this if that helps.

1. "Cloud" is too grand a term, I think, but we have a standing virtualisation infrastructure and a "virtual by default" policy along with accompanying processes that get machines provisioned as quickly as our current processes allow - for example, one of our licensing agreements requires a physical (read: paper) record of each deployed instance so we can't really speed that up.

2. We (in general) have two "trust" domains, each of which contains a number of VLANs with increasing levels of restrictions.  Each physical VMware host resides in one of the domains and the VMware clusters are named appropriately.  We do share blade chassis across domains, but control of the network and fibre switches within the chassis belongs to the Network team and not the VMware administrators.

3. Yes, we do.  The VMware hosts can only see the VLANs and SAN LUNs for their trust domain.

Ceri

On 13 Dec 2011, at 15:08, Robert Winding wrote:

ITANA,
 
I wanted to ask the group a couple of questions regarding Private Cloud architecture.
 
1.       How many institutions are using VM provisioning and some form of Private Cloud to provision servers to Academic departments, distributed IT groups, Students?
2.       Do you use a single flat cloud, deploying any type of VM (ex. ERP Web Application Server, Student accessible database server for a class, Web/Database systems for publishing research data) without concern for where the workloads physically reside? Or, do you have some physical partitioning of VM servers, say a farm for public services, a separate one for sensitive data, another for academic uses, etc?
3.       If you partition in some way at the physical server level do you follow that pattern at the network level, i.e. only make VLANs carrying like security level data available to farm components that process that security level (academic systems) or have specific network exposure (Internet exposed systems)
 
We’re re-visiting our VM architecture and are seeking out the current trend on what level to partition, if at all. Any thoughts would be greatly appreciated.
 
Thanks,
 
Bob Winding
University of Notre Dame


-- 
Ceri Davies
Information Services
Cardiff University
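
An added example, not part of the thread or of either institution's tooling: a Python audit of the rule described in the reply above, that each host sees only the VLANs and SAN LUNs of its own trust domain. The inventory, domain names, VLAN IDs, LUN names and chassis labels are constructed for illustration.

```python
# Constructed inventory; every name and ID below is hypothetical.
VLAN_DOMAIN = {110: "internal", 120: "internal", 210: "dmz", 220: "dmz"}
LUN_DOMAIN = {"lun-int-01": "internal", "lun-dmz-01": "dmz"}

HOSTS = [
    {"name": "esx-int-01", "domain": "internal", "chassis": "c1",
     "vlans": [110, 120], "luns": ["lun-int-01"]},
    {"name": "esx-dmz-01", "domain": "dmz", "chassis": "c1",
     "vlans": [210, 220], "luns": ["lun-dmz-01"]},
    {"name": "esx-dmz-02", "domain": "dmz", "chassis": "c2",
     "vlans": [210, 120], "luns": ["lun-dmz-01", "lun-int-01"]},
    {"name": "esx-int-02", "domain": "internal", "chassis": "c2",
     "vlans": [110, 999], "luns": []},
]

def audit(hosts, vlan_domain, lun_domain):
    """Return (host, kind, resource, reason) for every VLAN or LUN a host
    can see that is not assigned to the host's own trust domain."""
    findings = []
    for host in hosts:
        for kind, seen, owner in (("vlan", host["vlans"], vlan_domain),
                                  ("lun", host["luns"], lun_domain)):
            for res in seen:
                dom = owner.get(res)
                if dom is None:
                    # A resource with no domain assignment fails closed.
                    findings.append((host["name"], kind, res, "unclassified"))
                elif dom != host["domain"]:
                    findings.append((host["name"], kind, res,
                                     f"belongs to {dom}"))
    return findings

def shared_chassis(hosts):
    """Chassis that hold hosts from more than one trust domain. Sharing is
    allowed in the setup described, but these are the chassis whose
    switches must stay outside the virtualisation admins' control."""
    by_chassis = {}
    for h in hosts:
        by_chassis.setdefault(h["chassis"], set()).add(h["domain"])
    return sorted(c for c, doms in by_chassis.items() if len(doms) > 1)

if __name__ == "__main__":
    for finding in audit(HOSTS, VLAN_DOMAIN, LUN_DOMAIN):
        print(*finding)
    print("shared chassis:", shared_chassis(HOSTS))
```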


Message from mgdaley@umich.edu

Hi Bob,

We are providing a Private "Cloud" to both our Academic and Administrative units using VMware ESX and an HP Blade infrastructure. We started out with just the Administrative systems, then expanded it to include a service to the units - that was v 1.0. We are in the process of re-architecting the service as part of our NextGen Michigan initiative. Originally the provisioning was a manual process and as we matured we implemented VMware Orchestrator to provide a "Trial" service to units with completely automated provisioning. The biggest hurdle to automation that we've had to overcome was regarding the way our networks are configured (also being worked on as part of NextGen).

Our current offerings segregate the Administrative systems from the academic, but that will change in the future offering. The main driver for the segregation was not technical, but rather our funding model (General Funded vs. Charged-back – again, something being worked on as NextGen). We do run a variety of applications in our Virtualization environments – everything from simple web hosting to our PeopleSoft (Web / App layer) environment. If there are any specifics you are looking for, just drop me a line and I can help fill in the blanks.
--  

-=< Mike >=- 
______________________________ 
Michael Daley 
Technical Infrastructure and Capacity Planning Manager
Information & Technology Services - University of Michigan
Arbor Lakes Bldg 3 - 1125
4251 Plymouth Rd.
Ann Arbor, MI 48105-3640 
734.647.9099

From: Robert Winding <rwinding@ND.EDU>
Reply-To: The EDUCAUSE ITANA Constituent Group Listserv <ITANA@LISTSERV.EDUCAUSE.EDU>
Date: Tue, 13 Dec 2011 10:08:43 -0500
To: <ITANA@LISTSERV.EDUCAUSE.EDU>
Subject: [ITANA] Virtualization and Private Clouds

ITANA,

 

I wanted to ask the group a couple of questions regarding Private Cloud architecture.

 

1.       How many institutions are using VM provisioning and some form of Private Cloud to provision servers to Academic departments, distributed IT groups, Students?

2.       Do you use a single flat cloud, deploying any type of VM (ex. ERP Web Application Server, Student accessible database server for a class, Web/Database systems for publishing research data) without concern for where the workloads physically reside? Or, do you have some physical partitioning of VM servers, say a farm for public services, a separate one for sensitive data, another for academic uses, etc?

3.       If you partition in some way at the physical server level do you follow that pattern at the network level, i.e. only make VLANs carrying like security level data available to farm components that process that security level (academic systems) or have specific network exposure (Internet exposed systems)

 

We’re re-visiting our VM architecture and are seeking out the current trend on what level to partition, if at all. Any thoughts would be greatly appreciated.

 

Thanks,

 

Bob Winding

University of Notre Dame


Here is the response from our Systems Engineering group.  

^----^----^----^----^


Begin forwarded message:

Date: December 20, 2011 1:39:24 AM CST
To: Jim Phelps 
Subject: Re: Fwd: [ITANA] Virtualization and Private Clouds

1.       How many institutions are using VM provisioning and some form of Private Cloud to provision servers to Academic departments, distributed IT groups, Students?

-- depends on how you define "private cloud." If the differentiator between private cloud and virtual infrastructure is self-service, we are not offering self-service yet, though we are amidst bringing up a VMware vCloud instance as a demo, with an eye towards future self-service operations. Otherwise, we are provisioning to departments and distributed IT groups through our normal charged-back hosting model.

2.       Do you use a single flat cloud, deploying any type of VM (ex. ERP Web Application Server, Student accessible database server for a class, Web/Database systems for publishing research data) without concern for where the workloads physically reside? Or, do you have some physical partitioning of VM servers, say a farm for public services, a separate one for sensitive data, another for academic uses, etc?

-- Depends on how you define "cloud." If you are using it interchangeably with "virtual infrastructure" we have a relatively flat cloud, with a single large cluster in each geographic location. We are very concerned with where workloads reside geographically, for redundancy & COOP reasons.

Since a vSphere cluster, properly sized, is N+1, fewer clusters means significant cost savings. We do not want to pay for any more +1s than we need to by having unnecessary clusters and their +1s. Larger clusters of identical machines open the door to having fewer large hosts (versus many small hosts), which is also a serious time & money saver, especially with infrastructure costs. Larger machines are also bigger pools of resources for a VM to run in, and that reduces contention and ready time on VMs, as well as permitting better savings with transparent page sharing, etc.

When we have a self-service private cloud for departmental use it will need to be on compute infrastructure separate from where we run workloads that are important to the UW and UW System as an enterprise. This is as much to do with the requirements of vCloud Director and the incompatibility with traditional virtualization deployments as anything.

3.       If you partition in some way at the physical server level do you follow that pattern at the network level, i.e. only make VLANs carrying like security level data available to farm components that process that security level (academic systems) or have specific network exposure (Internet exposed systems)

-- Partitioning at the host level ("physical") has nothing to do with partitioning at the network level; they are unrelated & independent except via arbitrary policy. In our case, while we do not partition at the host level beyond resource limits & pools (to avoid resource starvation), guests are segregated into VLANs based on their security requirements.



On 12/16/2011 3:07 PM, Jim Phelps wrote:
1.How many institutions are using VM provisioning and some form of
Private Cloud to provision servers to Academic departments, distributed
IT groups, Students?

2.Do you use a single flat cloud, deploying any type of VM (ex. ERP Web
Application Server, Student accessible database server for a class,
Web/Database systems for publishing research data) without concern for
where the workloads physically reside? Or, do you have some physical
partitioning of VM servers, say a farm for public services, a separate
one for sensitive data, another for academic uses, etc?

3.If you partition in some way at the physical server level do you
follow that pattern at the network level, i.e. only make VLANs carrying
like security level data available to farm components that process that
security level (academic systems) or have specific network exposure
(Internet exposed systems)


--
Bob Plankers (plankers@doit.wisc.edu)
University of Wisconsin - Madison
Division of Information Technology
http://bob.plankers.com/
