

The first generation of cloud Infrastructure as a Service (IaaS) was not designed
for the requirements of enterprise production applications. For the most part, offerings
were targeted at the public or consumers, small application development teams,
sandboxes for testing and evaluations or small departmental usage such as training.
Publicly available statistics for the public cloud industry show wide fluctuations
in availability, with overall availability of no more than 95%.
The outages made public by a number of providers reinforce the notion that the first
generation of IaaS was not designed to satisfy the performance, availability and
security requirements of enterprise production applications.
SHI’s purpose here is to highlight key design features of our cloud offerings
that demonstrate capabilities suited for a new generation of cloud infrastructure
designed for enterprise production applications and their “industrial grade”
requirements.

The SHI vCore* platform is our
physical cloud infrastructure of servers, storage and networking. It is a single
integrated unit of HP Enclosures, Blade Servers, Storage (2 tiers) and Networking.
The largest configuration is capable of generating over 2,000 VMs with 264 TB of
addressable storage.
The vCore is designed to be highly resilient to meet the availability requirements
of enterprise applications. All components (Enclosure, Servers, Storage and Networking)
have multiple units for redundancy with multiple connections so that no single
point of failure exists.

In addition to no single points of failure from the hardware side, the SHI Cloud
includes software features provided by VMware to further address enterprise application
availability.
VMware HA delivers the availability required by many applications running in
virtual machines, independent of the operating system and application running in
it. With VMware HA, SHI provides uniform, cost-effective failover protection against
hardware and operating system failures. The SHI Cloud:
- Monitors virtual machines to detect operating system and hardware failures
- Restarts virtual machines on other physical servers in the resource pool
without manual intervention when server failure is detected
- Protects applications from operating system failures by automatically restarting
virtual machines when an operating system failure is detected
In addition, some applications may also require a fault-tolerant capability.
In these cases, SHI uses VMware Fault Tolerance (FT).
VMware FT can be easily turned on or off for individual virtual machines. Since
it leverages existing VMware HA clusters, any number of virtual machines in
this cluster can be protected with VMware FT. Applications that require continuous
protection during certain critical periods of time, such as quarter-end processing,
can use VMware FT for higher assurance of availability during those time periods.
VMware FT can automatically trigger seamless, stateful failover when the protected
virtual machines fail to respond—resulting in zero downtime, zero data loss and
continuous availability.

Security is a critical requirement for enterprise applications. SHI’s Cloud
Center uses a multi-layered design to address intrusion protection (McAfee &
vShield), network security (customer network isolation and security), third-party
breach monitoring and audit reporting (Solutionary) and data protection (data at
rest encryption).
All customer data within the SHI Cloud Center is fully encrypted at rest using Brocade
SAN Encryption Switches and Encryption Key management software from RSA. While others
may be willing to implement this as an “add-on” systems integration offering,
it is an SHI standard feature.

The first generation of cloud service providers offered one approach to network connectivity:
IPSec VPN over the Internet. For most, this is still the approach today.
While Internet connectivity has many benefits, it does not provide the necessary
low latency required by many enterprise applications.
SHI not only provides Internet connectivity, but also a better performing alternative
to satisfy the low latency needs of enterprise production applications.
Our design offers excellent diversity in connectivity. Customers can connect via
MPLS (Network Node-to-Network Node) or IPSec VPN. Carriers can easily connect into
our Private DWDM (Verizon) or via Optimum Lightpath (Metro Ethernet over DWDM).
By connecting point-to-point or node-to-node into our high-speed network rings,
customers can obtain the low latency connectivity they require for enterprise production
applications.

In addition to the MPLS and private line low latency connectivity, the SHI Cloud
Center also leverages Virtual LAN (VLAN) connectivity. A VLAN is a group of hosts
with a common set of requirements that communicate as if they were attached to the
same wire, regardless of their physical location. A VLAN has the same attributes
as a physical LAN, but it allows for end stations to be grouped together even if
they are not located on the same LAN segment. Virtual LANs operate at Layer 2 (the
data link layer) of the OSI model.
As VMware is also “VLAN Aware,” the SHI Cloud Center uses VLANs in conjunction
with a customer’s point-to-point or node-to-node connection into our high-speed
network rings to provide customer network isolation down to the vCore.
Customer Network Isolation allows SHI to provision VMs onto a customer’s network,
enabling the client’s network security to oversee the network as they see
fit and, from an onboarding perspective, determine the network addressing scheme
to be used.
If a service provider tells the customer which addressing scheme to use, it is a
red flag that Customer Network Isolation is not in use and that it is not the customer’s
network security that is “in charge.”

Virtual Connect is a technology that rethinks how blade servers are connected to the
LAN and SAN because it has virtualized the connections to the outside world. This
enables the SHI Cloud Center to make changes without impacting other systems.
Virtual Connect Flex-10 technology builds even more flexibility into each server
blade to add four times more NICs without more hardware. The SHI Cloud Center can
also highly automate the fine-tuning of bandwidth to ensure responsiveness to customer
workload demands.
The SHI vCore with HP C7000 enclosures uses Virtual Connect in place of conventional
pass-thru or managed switch modules. SHI can abstract and pool the vCore server-edge
connections so they look like NICs and HBAs to the external LAN and SAN. This allows
SHI Cloud administrators to independently manage server blades and their connectivity
so we can maintain high-availability connections throughout the vCore server racks.

The SHI Cloud Center uses a Networking Switch technology feature called Intelligent
Management Center (IMC). IMC cohesively integrates fault management, element configuration
and network monitoring from a central vantage point for both physical and virtual
environments. When the SHI Cloud Center determines the need to move a VM using vMotion,
it is IMC that automates the move of the associated network profile for the VM to
ensure smooth and continuous service.

The SHI Cloud Center uses a Networking Switch technology feature called Intelligent
Resilient Framework (IRF) that can configure up to nine physical networking switches
as one virtual switch. This enables the SHI Cloud Center to have an ultra-resilient
switching fabric. Should a primary switch fail, IRF instantly provides a new primary
path, assuring no disruption in customer service.

*Utilizing technology from SHI Labs (patents pending)