Imagine Virtually Anything Solution Brief - NetApp, Cisco, and …m.softchoice.com/files/pdf/brands/netapp/ds-2953.pdf · 2013-01-16 · Cisco’s Unified Computing architecture is

Solution Brief

• Telcosandserviceprovidersmustseparatebilling,CRM,paymentsystems,resellerportals,andapplicationhostingenvironments.

• Financialorganizationsneedtoisolateclientdetailsandpartitiontrading,whole-sale,andretailbanking.

• Governmentsmustpartitionrecordsfortaxation,welfare,healthcare,education,defense,andsoon.

Howcanyoubecertainthatapplications,data,andcustomersaresecurelyisolatedasyoumigratecriticalapplicationstoaninfrastructureinwhichservers,networks,andstorageareallsharedresources?

THE SOLUTION

A secure, virtualized dynamic data centerNetApp,Cisco,andVMwarehavepartneredtocreateauniqueservice-orientedinfra-structure(SOI)thatincludesallserver,storage,andnetworkinghardwareandsoftwaretofacilitatesharing,reuse,anddynamicresourceallocation.OurSOImini-mizestheriskofmakingthetransitiontoacloudinfrastructurewhiledeliveringtheadvancedcapabilitiesyouneedtosucceed.

THE CHALLENGE

Today’sITinfrastructuretoooftensuffersfromsiloedserverandstorageresources—leadingtolowutilization,grossinefficiency,andaninabilitytorespondquicklyandflexiblytochangingbusinessneeds.

Thearrivalofcloudcomputing—andtheadoptionofcloudinfrastructuretodeliverITasaserviceindatacentersofalltypes—promisestoovercometheselimitationsandreducefutureITspendingbyasmuchas47%.

However,lackofconfidencethatdataandapplicationswillbesecurelyisolatedhasbeenamajorimpedimenttoadoptionofcloud-basedservices:

• LargeenterprisesneedtoisolateHRrecords,finance,customercreditcarddetails,andsoon.

• Organizationsmustmakesureoftheseparationofbusinessunitapplicationsanddata.

• Outsourceddevelopmentrequiressepa-rateareasforeachdevelopmentactivity.

• Healthcareorganizationsmustmakesureofpatientrecordconfidentiality.

• Universitiesneedtopartitionexaminations,enrollmentdetails,andcommercialresearch.

NetApp,Cisco,andVMwareDeliverEnd-to-EndSecureMulti-Tenancy

KEY fEATUrES

Three industry leaders, one architectureAnarchitecturetosupportsecureisolationandsecurityformulti-tenantenvironments

NetApp MultiStoreStoragesecurityandisolationfordataandapplications

NetApp Data MotionAlways-ondatamobility

Cisco Unified Computing SystemIntegratednetwork,compute,andstorageaccess

Cisco Nexus Series SwitchesDatacenter–classswitchesthatprovideend-to-end,role-basedfabricsecuritywithTrustSec

Cisco SAfESecurityreferencearchitectureforbuildinghighlysecureandreliablenetworks

VMware vSphereAsecurecloudoperatingenvironment

VMware vShield ZonesSecure,isolate,andsegmentvirtualmachinesandvApps

Keyfeaturesincludeanefficient,always-oninfrastructurewithelasticscalability;inte-grateddataprotection;advancedautoma-tion;andtheabilitytotransparentlymigratebothapplicationsanddataacrosstheinfrastructure.Wehavebroughttogetheryearsofcombinedexperiencetocreateamulti-tenantSOIinwhichseparateappli-cationsorcustomerscansharethesameserver,storage,andnetworkinginfrastruc-turewithcompleteisolationsosensitiveinformationisnevercompromised.

Theindividualtechnologiesare—bythem-selves—thebesttheindustryhastooffer.Together,thesetechnologiesofferuniquesynergiesthatgreatlysimplifythedeploy-mentandmanagementofITinfrastructureandapplicationswith:

• Unmatchedend-to-endsecurityandisolationinvirtualizedenvironments

• Simplified,unifiedarchitecture• Lowercost• Greaterbusinessagility• Lessrisk

THrEE INDUSTrY LEADErS, ONE SECUrE ArCHITECTUrE

Thetraditionalapproachtoguaranteeingapplicationisolationrequiresdedicated,isolatedhardware.Acloudinfrastructuredemandsstrictisolationbetweendifferentclients,businessunits,departments,securityzones,andlayersinthree-tieredWebarchi-tectures—aswellastheabilitytoseparateproductionoperationsfromQA,develop-ment,andsoon.Securemulti-tenancyenablesyoutopartitionasharedinfrastruc-tureinwhateverwaymakessenseforyourbusiness.Dataanddataaccessaresecurelyisolated,andworkloadperformanceismaintained.

requirementsaremetbyasinglestoragesolution,soyouapplythesamehardware,software,people,andprocessestomeetallyourstorageneedsandachievealevelofefficiencythatsimplyisnotpossiblewithothervendors’solutions.Innovativesoftwarehelpsyoumeetspecificobjectivesforautomation,dataprotection,andsecurity.

Secure storage multi-tenancyNetApppioneeredtheideaofsecurestoragemulti-tenancyoversevenyearsagowiththeintroductionofNetAppMultiStoretechnology,providingalevelofsecurityandisolationforvirtualizedstoragecomparabletophysi-callyisolatedstoragearrays.Over20,000MultiStorelicenseshavebeensold.

MultiStoreletsyoucreatemultiple,completelyisolatedlogicalpartitionsonasinglecost-effectiveEthernet-basedstoragesystem,soyoucansharestoragewithoutcompromis-ingprivacy.Theresultsaresecure,sharedcloudstorageandincreasedstorageutiliza-tion.Individualstoragecontainerscanbemigratedindependentlyandtransparentlybetweenstoragesystems.

NetAppDataMotionisaperfectcomple-menttoVMwareVMotion™andVMwareStorageVMotion.WithNetAppDataMotionyoucanmigrateentireVMwaredatastoresbetweenstoragesystemstobalanceload,expandstoragecapacity,orrefreshtechnology withoutdisruption.

CISCO: SECUrE, UNIfIED COMPUTING

Today,ITorganizationsassembletheirdatacenterenvironmentsfromindividualcompo-nents.Theiradministratorsspendsignificantamountsoftimemanuallyaccomplishingbasicintegrationtasksratherthanfocusingonmorestrategic,proactiveinitiatives.

TocreateourSOI,NetApp,Cisco,andVMwaretookaholisticapproachthatallowsdatastorage,networkfabric,andvirtualserverstobeefficientlyshared.Inamulti-tenantenvironment,virtualmachines(VMs)orgroupsofVMsaresecurelyisolatedfromotherVMsorgroupsofVMsusingVMware® vShieldZonestechnology.Oncesecurelyisolated,VMsareconnectedtostoragesystemsthroughanetworkthatisseg-mentedandsecuredusingtheCisco®Nexusfamilyofproducts.ThestoragevFiler™unitstowhichtheyconnectarealsosecurelyisolatedfromothervFilerunitsusingNetApp® MultiStore™technology,whichresultsinanend-to-end,secureisolatedstoragesystem.

Asindustryleadersintheirrespectivefields,eachpartnercontributesproventechnologytomakesureofend-to-endsecurity.WithourSOI,wehavecombinedtechnologiesthatprovidelayersofisolation—inmanycasesproventhroughyearsofuse—intoasinglearchitecturewithsecureisolationofdigitalassetsandresourcesinflightandatrest.

ClosecollaborationandcarefulintegrationeliminatethecomplexityoftraditionalITinfrastructureinfavorofstandardizedcom-ponentsandconsistentmanagementprac-ticesthatloweracquisitionandoperatingcosts,reducestaffskillsetrequirements,shortenprovisioningtimes,andincreaseresourceutilization,allwhileprovidinggreatersecurity.

NETAPP: SECUrE CLOUD STOrAGE

Thetypicalapproachtostorageforcesyoutobuydifferentstoragesystemstoaccom-modatedifferentneeds.WiththeNetAppUnifiedStorageArchitecture,allstorage

“T-Systems’DynamicServicesdeliversecureandreliablecloudservicestoourcustomers.WithNetAppsystems,NetAppMultiStore,CiscoNexusproducts,andVMware,ourdatacentersareabletoprovidesharedyetsecurecloudsofserver,network,andstorageresources.”Klaus rubikHeadofEngineeringandSystemsManagement,T-Systems

Cisco’sUnifiedComputingarchitectureisanext-generationdatacenterplatformthatunitescompute,network,storageaccess,andvirtualizationinacohesivesystemdesignedtoreducetotalcostofownershipandincreasebusinessagility.TheCiscoUnifiedComputingSystem®seamlesslyintegrateswithCisco’sNexusSeriesofdatacenter–classswitches.

Cisco unified fabricAtypicaldatacenterenvironmentsupportsthreeorfourparallelnetworks:onefordata,oneforstorage,oneformanagementnet-work,andpossiblyoneforserverclustering.Thisincreasesmanagementcomplexityandimposessignificantcostsforinterfaces,cabling,rackspace,upstreamswitches,power,andcooling.

Unifiedfabricconsolidatesthesedifferenttypesoftrafficontoasingle,general-purpose,high-performance,highlyavailable10-GigabitEthernetnetworkthatgreatlysimplifiesnetworkinfrastructureandreducescosts.Todoallthis,aunifiedfabricmustbeintel-ligentenoughtoidentifydifferenttypesoftrafficandhandlethemappropriately.Cisco’sunifiedfabricdeliversahigherlevelofperformancewhileguaranteeingtheisolationandsecurityofbothuseranddatatraffic.

Cisco Nexus 1000V virtual switchesCiscoNexus1000VSeriesSwitchesareanintelligentsoftwareswitchimplementationforVMwarevSphere™environments.Operat-inginsidetheVMwareESXhypervisor,theCiscoNexus1000VSeriessupportsCiscoVN-Linkservervirtualizationtechnologyforpolicy-basedvirtualmachineconnectivityandmobileVMsecurityandnetworkpolicy.

Cisco Nexus 2000, 5000, and 7000 Series data center switchesTheinnovativearchitectureoftheCiscoNexusSeriesSwitchessimplifiesdatacentertransformationwithastandards-based,high-performance,unifiedGigabitEthernetand10-GigabitEthernetfabricthatconnectsservers,storage,andusers,greatlysimplifyingnetworkmanagementwhiledeliveringadvancedcapabilitieswithend-to-endsecu-rityforallnetworktraffic.CiscoTrustSecprovidesrole-basedsecurityforallnetworktraffic.TrustSecmakesyournetworkfabricroleawarethroughsecureaccesscontrol,aconvergedpolicyframework,andpervasiveintegrityandconfidentiality.

Cisco SAfECiscoSAFEconsistsofdesignblueprintsbasedonCiscoValidatedDesignsandprovensecuritybestpracticesthatprovidethedesignguidelinesforbuildingsecureandfigure 1) Design elements of the secure multi-tenant infrastructure.

ERP HR CRM

• vSphere• vShield Zones• vCenter

• Cisco SAFE• Nexus 1000V• Nexus 2000/5000/7000• UCS• 10GbE

• MultiStore• NetApp Data Motion• 10GbE NFS/iSCSI/FC

VMware VMware VMware

Formoreinformationvisit www.imaginevirtuallyanything.com.

reliablenetworkinfrastructures.Multiplelayersofsecuritycontrolsareimplementedthroughoutthenetworkunderacommonstrategyandadministration.CiscoSAFEusestheCiscoSecurityControlFramework,acommonframeworkthatdrivestheselectionofproductsandcapabilitiesthatmaximizevisibilityandcontrol,thetwomostfunda-mentalaspectsdrivingsecurity.Thisframe-workfacilitatestheintegrationofCisco’srichportfolioofsecurityservicesdesignedtosupporttheentiresolutionlifecycle.

VMWArE: SECUrE VIrTUALIZATION

Servervirtualizationisintegraltothedevel-opmentofacloudcomputinginfrastructure.VMwarecontinuestoleadthewaywithvalue-addedcapabilitiesthatfosternewwaysofdoingbusiness.

VMware vSphereBringthepowerofcloudcomputingtoyourITinfrastructurewithVMwarevSphere,thenextevolutionarystepinITcomputingandthemosttrustedvirtualizationplatformavailable.Builtonaprovenvirtualizationplatform,vSphereprovidesafoundationforbothinternalandexternalclouds,

usingfederationandstandardstobridgecloudinfrastructuresandcreateasecureprivatecloud.

VMware vNetwork Distributed SwitchTheVMwarevNetworkDistributedSwitchmaintainsthenetworkruntimestateforVMsastheymoveacrossmultiplehosts,enablinginlinemonitoringandcentralizedfirewallservices.Itprovidesaframeworkformoni-toringandmaintainingthesecurityofvirtualmachinesastheymovefromphysicalservertophysicalserverandenablestheuseofthird-partyvirtualswitchessuchastheCiscoNexus1000Vtoextendfamiliarphysicalnetworkfeaturesandcontrolstovirtualnetworks.

VMware vShield ZonesVMwarevShieldZonesisacentrallyman-aged,statefuldistributedvirtualfirewallbundledwithvSpherethattakesadvantageofESXhostproximityandvirtualnetworkvisibilitytocreatesecurityzones.VMwarevShieldZonesintegrateswithVMwarevCenter™andleveragesvirtualinventoryinformationsuchasvNICs,portgoups,clusters,andzonestosimplifyfirewallrulemanagementandtrustzoneprovisioning.

PrOVEN PArTNErSHIPS

ThisSOIisnottheresultofneworuntestedrelationships.NetApp,Cisco,andVMwarehaveworkedcloselywitheachotherforyears,forgingprovenrelationshipsthatresultinsuperiortechnologyandtheabilitytopro-videcoordinatedsupportwithoutneedlessfingerpointing.

Tofacilitatedeliveryoftheservice-orientedinfrastructure,wehavequalifiedateamofsystemintegratorstohelpyoudirectlyassessyourneedsandplanandimplementallelementsoftheinfrastructure,custom-tailoredforyourbusiness.Dependingonyourpreferences,youcanmakeacompletetransformationorevolveyourexistinginfrastructurestepbystep.

GETTING STArTED

Tolearnmoreaboutoursecuremulti-tenancysolution,readtheSecureCloudArchitectureOvervieworcontactyourlocalNetApp,Cisco,orVMwarerepresentative.

©Copyright2010NetApp,Inc.Allrightsreserved.NoportionsofthisdocumentmaybereproducedwithoutpriorwrittenconsentofNetApp,Inc.NetApp,theNetApplogo,Gofurther,faster,MultiStore,NetAppDataMotion,andvFileraretrademarksorregisteredtrademarksofNetApp,Inc.intheUnitedStatesand/orothercountries.VMwareisaregisteredtrademarkandVMotion,vSphere,andvCenteraretrademarksofVMware,Inc.CiscoandUnifiedComputingSystemareregisteredtrademarksofCiscoSystems.Allotherbrandsorproductsaretrademarksorregisteredtrademarksoftheirrespectiveholdersandshouldbetreatedassuch.DS-2953-0910