Automating the Virtual Data Center

Virtualization of computing resources in the data center has yielded significant operational efficiency gains for IT administrators. However, it has also brought several challenges along with it. One of those challenges is the persistent assignment and allocation of appropriate network resources as virtual machines are provisioned across diverse network locations. Dynamic resource provisioning ensures that the virtualized system has the correct access controls and prioritization required to meet the security and compliance requirements of the supported business process. In a static environment, this task is performed infrequently (often once) and then modified as needed, requiring very little administration. More commonly, the dynamic environment a virtualized data center presents (moves, adds and changes of virtual images) drives potential network provisioning complexity and increases the IT administration workload. Consider how scenarios such as VM disaster recovery planning and the associated network provisioning can drive increased IT complexity. There is an answer: virtual network automation. Virtualization is a technology that demands network automation to effectively meet today's IT and business requirements.

Strong Wind today in Virtual Land

Realizing the full capability of, and the return on investment in, the dynamic re-provisioning, load balancing and disaster recovery flexibility offered by today's virtualization solutions requires a network infrastructure that will dynamically adapt without human intervention. Intelligent infrastructure automation can solve three key network automation challenges in a virtualized data center without sacrificing the access controls, prioritization or compliance controls recognized in static data center environments. These network automation challenges include:

  1. Automated virtual machine identification and authentication
  2. Automated virtual network provisioning
  3. Differentiated access provisioning on shared network interface(s)

The first element of an automated virtual data center solution is authentication. Implementing machine authentication, also known as MAC authorization or MAC bypass, allows the infrastructure to recognize a new forwarding station on an Ethernet port. This intelligence provides insight into the device, capturing the requirements the virtual network access controller needs. The second element is automated virtual network provisioning: the virtual network access controller supplies the instructions for appropriate network resource allocation and provisioning. The provisioning instructions provided should include the VLAN assignment for the virtual machine, any necessary access control lists (ACLs), and appropriate quality of service (QoS) assignments for application priority delivery. The third key required element is the ability to provide differentiated access provisioning for the multiple virtual machines sharing a single gigabit or 10 gigabit Ethernet interface. Some switches today support individualized virtual sessions for each MAC address that is provisioned. Be sure to ask your vendor whether they support this function.

The implementation of a virtual network access control system allows the IT administrator to group virtual machines into the business roles they support. The virtual network access control system ensures that as a virtual machine is provisioned, or re-provisioned, it receives the correct services it requires. Smarter virtual network access control systems can coordinate multiple resources, solving the challenge of virtual machine mobility; let's look at a real-world example.

A customer wants to ensure that if his location in Orlando experiences a partial server outage, the virtual machines that the business depends on can be re-hosted at his data center in Tampa. His challenge: the IP addresses of the virtual machines hosting critical manufacturing applications must not change. As the hypervisor management system re-hosts the virtual machine, the network access request from the switch in Tampa matches a location policy in the virtual network access controller. The switch port is provisioned with the correct VLAN, ACLs and QoS settings as would normally occur, but an additional action provisions the local router to advertise the IP address of the migrated virtual machine at the Tampa facility. The remaining IP address range is still located in Orlando and connectivity is maintained. When the Orlando data center again has the capacity to host the virtual machine, the migration is reversed.


This scenario would normally require coordination among several people in an IT department, along with considerable communication and manual intervention. The human aspect introduces timing issues and the potential for configuration errors. Automating this process provides a quick, consistent recovery of the business application that is predictable, repeatable and not dependent on the presence of a human operator.

This type of automation in the virtual data center can solve many challenges, and therefore it is important that the data center networking infrastructure has the core capabilities required to execute precise and dynamic network provisioning.

Mark Townsend

About Mark Townsend

Mark Townsend's career has spanned the past two decades in computer networking, during which he has contributed to several patents and pending patents in information security. He has established himself as an expert related to networking and security in enterprise networks, with a focus on educational environments. Mark is a contributing member to several information security industry standards associations, most notably the Trusted Computing Group (TCG). Townsend's work in the TCG Trusted Network Connect (TNC) working group includes co-authoring the Clientless Endpoint Support Profile. Townsend is currently developing virtualization solutions and driving interoperability testing within the industry. Prior to his current position, he has served in a variety of roles including service and support, marketing, sales management and business development. He is considered an industry expert and often lectures at universities and industry events, including RSA and Interop. Mark is also leveraging his background and serving his community as Chairman of the local school board, a progressive school district consistently ranked in the top school districts of New Hampshire, with the district high school ranked as a "Best High School" by US News & World Report.
