
Data center proposal

Jan 23, 2017


Muhammad Ahad
Page 1: Data center proposal

In the name of Allah, the Most Gracious, the Most Merciful.

“Acquire knowledge and impart it to the people.” Holy Prophet Mohammed (Sallallaho Alaihi Wa’Sallam)

Page 2: Data center proposal

Group Name: THE TRANSWORKERS

Page 3: Data center proposal

Muhammad Ahad

BSITF13MM031

Page 4: Data center proposal

Content:
• Introduction to Data Centre.
• Data Center Network Design.
• Data Center Network Application Architecture Models.
• Data Center Architecture.
• Data Center Topologies.
• Data Center Services.

Page 5: Data center proposal

Data Center:
• A data center is a centralized repository, either physical or virtual, for the storage, management, and dissemination of data and information organized around a particular body of knowledge or pertaining to a particular business or education.

Page 6: Data center proposal

Data Centre can be classified as either:
• Enterprise (Private): Privately owned and operated by private corporate, institutional, or government entities.
• Co-Location/Hosting (Public): Owned and operated by telcos or service providers.

• Data Centers house critical computing resources in controlled environments and under centralized management, which enable enterprises to operate around the clock or according to their business/educational needs.

• These computing resources include mainframes, web and application servers, file and print servers, messaging servers, application software and the operating systems that run them, storage subsystems, and the network infrastructure, whether IP or storage-area network (SAN).

Page 7: Data center proposal

Additionally, a number of servers support network operations and network-based applications. Network operation applications include:

• Network Time Protocol (NTP).
• Terminal Emulator (TN3270).
• File Transfer Protocol (FTP).
• Domain Name System (DNS).
• Dynamic Host Configuration Protocol (DHCP).
• Simple Network Management Protocol (SNMP).
• Trivial File Transfer Protocol (TFTP).
• Network File System (NFS).
• Network-based applications, including IP telephony, video streaming over IP, and IP video conferencing.

Page 8: Data center proposal

Data Centre Network Design:
The following section summarizes some of the technical considerations for designing a modern-day data center network.

• Infrastructure Services: Routing, switching, and server-farm architecture.
• Application Services: Load balancing, Secure Socket Layer (SSL) offloading, and caching.
• Security Services: Packet filtering and inspection, intrusion detection, and intrusion prevention.
• Storage Services: SAN architecture, Fibre Channel switching, backup, and archival.
• Campus Continuance: SAN extension, site selection, and Data Center interconnectivity.

Data Center Roles:
Figure 1 presents the different building blocks used in the enterprise network and illustrates the location of the Data Center within that architecture.

The building blocks of this typical enterprise network include:
• Campus Network
• Private WAN

Page 9: Data center proposal

Data Centre Network Design:
• Remote Access
• Internet Server Farm
• Extranet Server Farm
• Intranet Server Farm

• Data Centers typically house many components that support the infrastructure building blocks, such as the core switches of the campus network or the edge routers of the private WAN.

• Data Center designs can include any or all of the building blocks in Figure 1-1, including any or all server farm types.

• Each type of server farm can be a separate physical entity, depending on the business requirements of the enterprise.

• For example, a company might build a single Data Center and share all resources, such as servers, firewalls, routers, switches, and so on. Another company might require that the three server farms be physically separated with no shared equipment.

Page 10: Data center proposal

Figure 1-1:

Page 11: Data center proposal

Data Center Network Application Architecture Models:
• Architectures are constantly evolving, adapting to new requirements, and using new technologies.
• The most pervasive models are the client/server and n-tier models that refer to how applications use the functional elements of communication exchange.
• The client/server model, in fact, has evolved to the n-tier model, which most enterprise software application vendors currently use in application architectures.

The Client/Server Model and Its Evolution:
The classic client/server model describes the communication between an application and a user through the use of a server and a client. The classic client/server model consists of the following:
• A thick client that provides a graphical user interface (GUI) on top of an application or business logic where some processing occurs.

Page 12: Data center proposal

The Client/Server Model and Its Evolution:

• A server where the remaining business logic resides.

A thick client is then a portion of the application code running at the client’s computer that has the responsibility of retrieving data from the server and presenting it to the client.

• The thick client code requires a fair amount of processing capacity and resources to run in addition to the management overhead caused by loading and maintaining it on the client base.

• The server side is a single server running the presentation, application, and database code that uses multiple internal processes to communicate information across these distinct functions.

• The most fundamental changes to the thick client and single-server model started when web-based applications first appeared.

Page 13: Data center proposal

The Client/Server Model and Its Evolution:
• Web-based applications rely on more standard interfaces and message formats (i.e., HTML and HTTP), where applications are easier to share.

The migration from the classic client/server to a web-based architecture implies the use of thin clients (web browsers), web servers, application servers, and database servers. The web browser interacts with web servers and application servers, and the web servers interact with application servers and database servers.

Page 14: Data center proposal

The n-tier Model:

• Part b of Figure 2 shows the n-tier model. Figure 2 presents the evolution from the classic client/server model to the n-tier model.

• The n-tier model uses a thin client and a web browser to access the data in many different ways.

• The server side of the n-tier model is divided into distinct functional areas that include the web, application, and database servers.

• The n-tier model relies on a web architecture where the web browser formats and presents the information received from the web server.

• The server side in the web architecture consists of multiple and distinct servers that are functionally separate. The n-tier model can be the client and a web server; or the client, the web server, and an application server.

• This model is more scalable and manageable; it enables application environments to evolve toward distributed computing environments.

Page 15: Data center proposal

The n-tier Model:

Page 16: Data center proposal

Multitier Architecture Application Environment:

• Multitier architectures refer to the Data Center server farms supporting applications that provide a logical and physical separation between various application functions, such as web, application, and database (n-tier model).

• For each server-side tier, there is a one-to-one mapping to a network segment that supports the specific application function and its requirements.

• Figure 4 presents the mapping from the n-tier model to the supporting network segments used in a multitier design.

Page 17: Data center proposal

Multitier Architecture Application Environment:

• The web server tier is mapped to the front-end segment, the business logic to the application segment, and the database tier to the back-end segment.

• Notice that all the segments supporting the server farm connect to access layer switches, which in a multitier architecture are different access switches supporting the various server functions.

Types of Server Farms:

• As depicted in Figure 1, three distinct types of server farms exist:
  • Internet Server Farm.
  • Extranet Server Farm.
  • Intranet Server Farm.
• Server farms are at the heart of the Data Center.
• In fact, Data Centers are built to support at least one type of server farm.
• Although different types of server farms share many architectural requirements, their objectives differ.

Page 18: Data center proposal

Types of Server Farms:

• Each type of server farm has a distinct set of infrastructure, security, and management requirements that must be addressed in the design of the server farm.

• Although each server farm design and its specific topology might be different, the design guidelines apply equally to them all.

Internet Server Farms:
• As their name indicates, Internet server farms face the Internet. This implies that users accessing the server farms primarily are located somewhere on the Internet and use the Internet to reach the server farm.

• The server farm services and their users rely on the use of web interfaces and web browsers, which makes them pervasive on Internet environments.

Two distinct types of Internet server farms exist:

• Dedicated Internet Server Farm. • DMZ Server Farms (demilitarized zone).

Page 19: Data center proposal

Dedicated / DMZ Internet Server Farm:

• The dedicated Internet server farm, shown in Figure, is built to support large-scale Internet-facing applications that support the core business function. Typically, the core business function is based on an Internet presence or Internet commerce.

• Security and scalability are a major concern in this type of server farm. On one hand, most users accessing the server farm are located on the Internet, thereby introducing higher security risks; on the other hand, the number of likely users is very high, which could easily cause scalability problems.

• The Data Center that supports this type of server farm is often referred to as an Internet Data Center (IDC).

• The next type of Internet server farm, shown in Figure 6, is built to support Internet-based applications in addition to Internet access from the enterprise. This means that the infrastructure supporting the server farms also is used to support Internet access from enterprise users. These server farms typically are located in the demilitarized zone (DMZ) because they are part of the enterprise network yet are accessible from the Internet. These server farms are referred to as DMZ server farms, to differentiate them from the dedicated Internet server farms.

Page 20: Data center proposal

Dedicated Internet Server Farm :

Page 21: Data center proposal

DMZ Internet Server Farm :

Page 22: Data center proposal

Intranet Server Farm:

• The evolution of the client/server model and the wide adoption of web-based applications on the Internet were the foundation for building intranets.

• Intranet server farms resemble the Internet server farms in their ease of access, yet they are available only to the enterprise’s internal users.

• Notice that the intranet server farm module is connected to the core switches that form a portion of the enterprise backbone and provide connectivity between the private WAN and Internet Edge modules.

• Internet users typically are not permitted access to the intranet; however, internal users using the Internet as transport have access to the intranet using virtual private network (VPN) technology.

• The Internet Edge module supports several functions that include the following: • Securing the enterprise network • Controlling Internet access from the intranet • Controlling access to the Internet server farms

• The Data Center provides additional security to further protect the data in the intranet server farm. This is accomplished by applying the security policies to the edge of the Data Center as well as to the applicable application tiers when attempting to harden communication between servers on different tiers.

Page 23: Data center proposal

Intranet Server Farm :

Page 24: Data center proposal

Extranet Server Farm:

• From a functional perspective, extranet server farms sit between Internet and intranet server farms. Extranet server farms continue the trend of using web-based applications, but, unlike Internet- or intranet-based server farms, they are accessed only by a selected group of users that are neither Internet- nor intranet-based.

• The main purpose for extranets is to improve business-to-business communication by allowing faster exchange of information in a user-friendly and secure environment.

• Because the purpose of the extranet is to provide server farm services to trusted external end users, there are special security considerations.

• Many factors must be considered in the design of the extranet topology, including scalability, availability, and security. Dedicated firewalls and routers in the extranet are the result of a highly secure and scalable network infrastructure for partner connectivity.

• Notice that the extranet server farm is accessible to internal users, yet access from the extranet to the intranet is prevented or highly secured. Typically, access from the extranet to the intranet is restricted through the use of firewalls.

Page 25: Data center proposal

Extranet Server Farm :

Page 26: Data center proposal

Muhammad Asif

BSITF13MM033

Page 27: Data center proposal

Data Center Architecture

• Aggregation Layer

1) Aggregation point for devices that provide services (multilayer switches, firewalls, load balancers).

2) Multilayer switches are referred to as aggregation switches because of the aggregation function they perform.

3) Service devices are shared by all server farms.

4) Supports traditional switching of packets on Layer 3 and Layer 2.

5) Supports Layer 3 and Layer 2 connectivity, protocols, and features.

Page 28: Data center proposal

Data Center Architecture

Page 29: Data center proposal

Data Center Architecture

• Access Layer

1) Front-End Segment
2) Application Segment
3) Back-End Segment

Page 30: Data center proposal

Data Center Architecture

• Storage Layer

1) Consists of the storage infrastructure (switches, routers, iSCSI, FCIP).

2) Storage network devices provide the connectivity to servers.

3) The network used by these storage devices is referred to as a SAN.

4) The Data Center is the location where the consolidation of applications, servers, and storage occurs.

5) The current trends in server and storage consolidation are the result of the need for increased efficiency in the environments and for lower costs of application operation.

Page 31: Data center proposal

Data Center Architecture

• Data Center environments are expected to support high-speed communication between servers and storage and between storage devices.

Page 32: Data center proposal

Data Center Architecture

Transport Layer
• Builds on the network layer to deliver the data across the networks.
• Provides end-to-end connectivity across the network; segments carry the data from one network to another.
• Different kinds of transport services: TCP and UDP.
• The D-C transport layer includes the transport technologies used for purposes such as:
1) Communication between distributed Data Centers for rerouting client-to-server traffic.
2) Communication between distributed server farms located in distributed Data Centers.
• Transport technologies must support a wide range of requirements for bandwidth and latency depending on the traffic profiles.

Page 33: Data center proposal

Data Center Architecture

• For user-to-server communication, the possible technologies include Frame Relay, ATM, DS channels in the form of T1/E1 circuits, Metro Ethernet, and SONET.

• For server-to-server and storage-to-storage communication, the technologies required are dictated by server media types and the transport technology that supports them transparently. Systems Connectivity (ESCON), GE, and ATM.

Page 34: Data center proposal

Data Center Topologies

• Generic Layer 3/Layer 2 Designs:

Page 35: Data center proposal

Data Center Topologies

• Forwarding packets based on Layer 3 information between the server farm and the rest of the network:

1) Maintaining a “view” of the routed network that is expected to change dynamically as network changes take place.

2) Supporting default gateways for the server farms.

• The key Layer 2 functions performed by the aggregation switches are as follows:

1) Spanning Tree Protocol (STP) 802.1d between aggregation and access switches to build a loop-free forwarding topology.

2) STP enhancements beyond 802.1d that improve the default spanning-tree behavior, such as 802.1s, 802.1w, UplinkFast, BackboneFast, and Loop Guard.

3) VLANs for logical separation of server farms.

4) Other services, such as multicast and ACLs for services such as QoS, security, rate limiting, broadcast suppression, and so on.

Page 36: Data center proposal

Nauman Ansar

BSITF13MM016

Page 37: Data center proposal

Topic # 1

Multiple Tier Designs

Page 38: Data center proposal

Multiple-tier designs

Most applications conform to either the client/server model or the n-tier model, which implies that most networks, and more server farms, are needed to support these application environments. The tiers supported by the Data Center infrastructure are driven by the specific applications and could be any combination of applications from the client/server to the client/web server/application server/database server. The communication requirements between tiers are typically higher security (firewalling), scalability, and performance (load balancers).

Page 39: Data center proposal

Multiple Tier Design

Page 40: Data center proposal

Example:

I. Suppose that you have multiple types of web servers supporting different applications, and some of these applications follow the n-tier model.

II. The server farm could be partitioned along the lines of applications or functions.

All web servers, regardless of the application(s) they support, could be part of the same server farm.

The application servers could be part of a separate server farm on a different subnet.

III. Using the same logic used to scale the web tier, a load balancer logically could be placed between the web tier and the application tier to scale the application tier from the web tier perspective.

Page 41: Data center proposal

Topic # 2

Expanded Multi Tier Designs

Page 42: Data center proposal

Expanded Multi Tier Design:

In the figure, there is physical separation between the tiers of servers.

Physical separation is used to achieve greater control over the deployment and scalability of services.

The expanded design is more costly because it uses more devices, yet it allows for more control and better scalability.

For example, placing a firewall between tiers is regarded as a more secure approach because of the physical separation between the Layer 2 switches.

Page 43: Data center proposal

Expanded Multi Tier Design:

Page 44: Data center proposal

Topic # 3

Collapsed Multi Tier Designs

Page 45: Data center proposal

Collapsed Multitier Design

A collapsed multitier design is one in which all the server farms are directly connected. There is no physical separation between the Layer 2 switches.

The services are concentrated at the aggregation layer.

The service devices are used by the front-end tier and between tiers.

Using a collapsed model, there is no need to have a set of load balancers dedicated to a particular tier.

This reduces cost, but management of devices is more challenging and the performance demands are higher.

The service devices, such as the firewalls, protect all server tiers from outside the Data Center, but also from each other.

Page 46: Data center proposal

Collapsed Multi Tier design

Page 47: Data center proposal

Topic # 4

Fully Redundant Layer 2 and Layer 3 Designs

Page 48: Data center proposal

Redundancy

Up to this point, all the topologies that have been presented are fully redundant. By looking at these aspects, we want to answer the following question:

Why do we need redundancy?

Answer it with an example.

Page 49: Data center proposal

The Need for Redundancy

The following figure explains the steps for building a redundant topology.

We will make the topology redundant by following some logical steps.

There is a single NIC and a single switch, and if the NIC or switch fails, the server and applications become unavailable.

Step 1: Make dual power supplies. Add a second switch (Figure Part b).

In options a and b, the port density is limited to the capacity of the two switches.

Step 2: Add Layer 2 access switches to the topology to provide direct server connectivity (Figure Part c).

Page 50: Data center proposal

Redundancy:

Page 51: Data center proposal

The Need for Redundancy

The design described in option c still has a problem: if the Layer 2 switch fails, the servers lose their only means of communication.

Step 3: The solution is to dual-home servers to two different Layer 2 access switches (Figure Part d)
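
The steps above can be checked mechanically. The following added example (not part of the original slides) models options a to d as graphs and lists every device whose failure alone cuts the server off from the rest of the network. The device names, the "core" node standing for the rest of the network, and the second NIC from option b onward are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Constructed models of options a-d: nodes are devices, edges are links.
# Assumptions: "core" stands for the rest of the network, and from option b
# onward the server has two NICs (nic1, nic2). sw1/sw2 are the two switches
# of step 1; acc1/acc2 are the Layer 2 access switches of steps 2 and 3.
TOPOLOGIES = {
    "a": [("server", "nic1"), ("nic1", "sw1"), ("sw1", "core")],
    "b": [("server", "nic1"), ("server", "nic2"),
          ("nic1", "sw1"), ("nic2", "sw2"), ("sw1", "sw2"),
          ("sw1", "core"), ("sw2", "core")],
    "c": [("server", "nic1"), ("server", "nic2"),
          ("nic1", "acc1"), ("nic2", "acc1"),
          ("acc1", "sw1"), ("acc1", "sw2"), ("sw1", "sw2"),
          ("sw1", "core"), ("sw2", "core")],
    "d": [("server", "nic1"), ("server", "nic2"),
          ("nic1", "acc1"), ("nic2", "acc2"),
          ("acc1", "sw1"), ("acc1", "sw2"),
          ("acc2", "sw1"), ("acc2", "sw2"), ("sw1", "sw2"),
          ("sw1", "core"), ("sw2", "core")],
}


def reachable(edges, src, dst, failed=frozenset()):
    """Breadth-first search from src to dst, ignoring failed devices."""
    adjacency = defaultdict(set)
    for a, b in edges:
        if a not in failed and b not in failed:
            adjacency[a].add(b)
            adjacency[b].add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for neighbour in adjacency[node] - seen:
            seen.add(neighbour)
            queue.append(neighbour)
    return False


def single_points_of_failure(edges, src="server", dst="core"):
    """Devices whose failure alone disconnects src from dst."""
    devices = {node for edge in edges for node in edge} - {src, dst}
    return sorted(d for d in devices if not reachable(edges, src, dst, {d}))


def report():
    """Single points of failure for each option, keyed by option letter."""
    return {name: single_points_of_failure(edges)
            for name, edges in TOPOLOGIES.items()}


if __name__ == "__main__":
    for option, spof in report().items():
        print(f"option {option}: {spof if spof else 'no single point of failure'}")
```
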

Page 52: Data center proposal

Anas Nawaz

BSITF13MM012

Page 53: Data center proposal

Data Center Services
• This section presents an overview of the services supported by the Data Center architecture. Related technology and features make up each service.
• The Data Center services are:
– IP Infrastructure Services
– Application Services
– Security Services
– Storage Services

Page 54: Data center proposal

IP Infrastructure Services:

A packet is like an envelope for mail.

• The IP infrastructure represents a key boundary between a communications medium and the applications that are built upon this medium.
• The basic unit of the IP infrastructure is the "packet".
• The IP infrastructure features are organized as follows:
– Layer 2
– Layer 3
– Intelligent Network Services

Page 55: Data center proposal

Layer 2
• Layer 2 is the data link layer.
• Layer 2 refers to the Data Link layer of the commonly referenced multilayered communication model, Open Systems Interconnection (OSI). The Data Link layer is concerned with moving data across the physical links in the network.
• The Open Systems Interconnection model (OSI model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system.
• Layer 2 features support the Layer 2 adjacency between the server farms and the service devices: virtual local area networks (VLANs), Media Access Control (MAC), and Spanning Tree Protocol (STP).

Page 56: Data center proposal

OSI Model

Page 57: Data center proposal

VLAN
• A VLAN is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments.

Page 58: Data center proposal

Spanning Tree Protocol (STP)
• Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches.
• The main purpose of STP is to ensure that you do not create loops when you have redundant paths in your network.
• The specification for STP is IEEE (Institute of Electrical and Electronics Engineers) 802.1D.

Page 59: Data center proposal

Layer 3
• Layer 3 is the network layer.
• The network layer is responsible for packet forwarding including routing through intermediate routers, whereas the data link layer is responsible for media access control, flow control and error checking.
• Connection model – connectionless communication.
• Host addressing – Every host in the network must have a unique address that determines where it is.
• Message forwarding – Since many networks are partitioned into sub-networks and connect to other networks for wide-area communications, networks use specialized hosts, called gateways or routers, to forward packets between networks.

Page 60: Data center proposal

Figure 6.4

Page 61: Data center proposal

Intelligent Network Services
• The most common features are QoS and multicast.
• Quality of service (QoS) is the overall performance of a telephony or computer network, particularly the performance seen by the users of the network.
• Other important intelligent network services include private VLANs (PVLANs) and policy-based routing (PBR).
• Private VLANs: Private VLAN, also known as port isolation, is a technique in computer networking where a VLAN contains switch ports that are restricted such that they can only communicate with a given "uplink". The restricted ports are called "private ports".
• Policy-based routing: including source or destination network, source or destination address, source or destination port, packet size, and packet classification among others.

Page 62: Data center proposal

Intelligent Network Services

Page 63: Data center proposal

Figure 6.6

Page 64: Data center proposal

Multicast
• Multicast (one-to-many or many-to-many distribution) is group communication where information is addressed to a group of destination computers simultaneously.
• Multicast in the Data Center enables the capabilities needed to reach multiple users concurrently.

Page 65: Data center proposal

Application Services
• The following is a list of those features:
  • Load balancing
  • Caching
  • SSL termination

• Load balancing: Load balancing is dividing the amount of work that a computer has to do between two or more computers so that more work gets done in the same amount of time and, in general, all users get served faster.
• Load balancers perform two core functions:
1. Scale and distribute the load to server farms.
2. Track server health to ensure high availability.
You also can add new servers, thus scaling the capacity of a server farm, without any disruption to existing services.
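
The two core functions can be seen together in a small model. This is an added example, not code from the original slides: a round-robin balancer that takes a server out of rotation after consecutive failed health probes and admits a newly added server only once it has passed a probe. The server names, the failure threshold of 2, and the probe results fed in by the caller are assumptions.

```python
class LoadBalancer:
    """Round-robin distribution over the servers that currently pass probes."""

    def __init__(self, servers, fail_threshold=2):
        self._threshold = fail_threshold
        self._order = []       # rotation order of the server farm
        self._failures = {}    # consecutive failed probes per server
        self._next = 0         # rotation cursor
        for name in servers:
            # Assumption: the initial servers were probed before start-up.
            self.add_server(name, healthy=True)

    def add_server(self, name, healthy=False):
        """Grow the farm at run time. A new server stays out of rotation
        until its first successful probe unless healthy=True is given."""
        self._order.append(name)
        self._failures[name] = 0 if healthy else self._threshold

    def record_probe(self, name, ok):
        """Feed in one health-probe result for a server."""
        self._failures[name] = 0 if ok else self._failures[name] + 1

    def healthy(self):
        return [s for s in self._order if self._failures[s] < self._threshold]

    def pick(self):
        """Return the next healthy server, skipping unhealthy ones."""
        for _ in range(len(self._order)):
            server = self._order[self._next % len(self._order)]
            self._next += 1
            if self._failures[server] < self._threshold:
                return server
        raise RuntimeError("no healthy server left in the farm")


if __name__ == "__main__":
    lb = LoadBalancer(["web1", "web2", "web3"])
    print([lb.pick() for _ in range(3)])
    lb.record_probe("web2", False)
    lb.record_probe("web2", False)      # second failure: web2 leaves rotation
    print([lb.pick() for _ in range(4)])
    lb.add_server("web4")               # added while traffic keeps flowing
    lb.record_probe("web4", True)       # first good probe admits it
    print([lb.pick() for _ in range(4)])
```
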

Page 66: Data center proposal

• Caching: Caching is an area of a computer’s memory devoted to temporarily storing recently used information.
• SSL (Secure Sockets Layer) termination: SSL termination refers to the process that occurs at the server end of an SSL connection, where the traffic transitions between encrypted and unencrypted forms.

Page 67: Data center proposal

Figure 6.8

Page 68: Data center proposal

• Service Deployment Options
• Design Considerations with Service Devices

Intrusion Detection System

Page 69: Data center proposal

Security Services
• Access control lists: An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.

ACLs filter packets. Packet filtering through ACLs can prevent unwanted access to network infrastructure devices.

• Firewalls: A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.
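
Packet filtering between the front-end, application, and back-end segments of the multitier design can be sketched as a first-match ACL with an implicit deny. This is an added example, not part of the original slides; it also audits the rule list for permit rules that would let traffic skip a tier. The subnets, ports, and sample addresses are constructed for the illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed subnets, one per server-side segment (outermost tier first).
FRONT_END = "10.10.10.0/24"     # web servers
APPLICATION = "10.10.20.0/24"   # business logic
BACK_END = "10.10.30.0/24"      # database servers
TIERS = [ipaddress.ip_network(n) for n in (FRONT_END, APPLICATION, BACK_END)]


class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str
    src: str               # CIDR
    dst: str               # CIDR
    dport: Optional[int]   # None matches any destination port


class Flow(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int


# Constructed policy: each tier may only be reached from the tier in front.
ACL = [
    Rule("permit", "tcp", "0.0.0.0/0", FRONT_END, 443),
    Rule("permit", "tcp", FRONT_END, APPLICATION, 8443),
    Rule("permit", "tcp", APPLICATION, BACK_END, 5432),
]


def evaluate(acl, flow):
    """First matching rule wins; no match means implicit deny."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for number, rule in enumerate(acl, start=1):
        if rule.proto != flow.proto:
            continue
        if src not in ipaddress.ip_network(rule.src):
            continue
        if dst not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != flow.dport:
            continue
        return rule.action, number
    return "deny", None


def _depths(cidr):
    """Tier depths a CIDR can hold addresses from (0 = outside the tiers)."""
    net = ipaddress.ip_network(cidr)
    depths = {i for i, tier in enumerate(TIERS, start=1) if net.overlaps(tier)}
    if not any(net.subnet_of(tier) for tier in TIERS):
        depths.add(0)
    return depths


def tier_bypass_rules(acl):
    """Numbers of permit rules that let a source reach a tier more than one
    step deeper than itself. Each rule is judged on its own, so the audit
    is conservative with respect to earlier deny rules."""
    flagged = []
    for number, rule in enumerate(acl, start=1):
        if rule.action != "permit":
            continue
        if max(_depths(rule.dst)) - min(_depths(rule.src)) > 1:
            flagged.append(number)
    return flagged


if __name__ == "__main__":
    samples = [Flow("tcp", "203.0.113.7", "10.10.10.5", 443),
               Flow("tcp", "203.0.113.7", "10.10.30.5", 5432),
               Flow("tcp", "10.10.10.5", "10.10.30.5", 5432),
               Flow("tcp", "10.10.20.5", "10.10.30.5", 5432)]
    for flow in samples:
        print(flow, "->", evaluate(ACL, flow))
    print("bypass rules:", tier_bypass_rules(ACL))
```
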

Page 70: Data center proposal

Security Services
• Secure management
– Simple Network Management Protocol (SNMP): a standard way of monitoring hardware and software.
  • Provides read/write abilities to configure IP addresses.
  • Collects information on how much bandwidth is being used.
  • Devices can send alerts to a monitoring station on error conditions.
– Secure Shell (SSH): sometimes known as Secure Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a remote computer. It is widely used by network administrators to control Web and other kinds of servers remotely.
– Authentication, authorization, and accounting (AAA): The transactions of all authorized and authenticated users are logged for accounting purposes, for billing, or for postmortem analysis.

Page 71: Data center proposal

Storage Services
• Storage: Storage is the place where data is held in an electromagnetic or optical form for access by a computer processor.

• Storage services include the capability of consolidating direct attached disks by using disk arrays that are connected to the network.

• SAN (storage area network) is a high-speed network of storage devices that also connects those storage devices with servers. It provides block-level storage that can be accessed by the applications running on any networked servers.

• Types of managed storage:
– Locally managed storage: Advantages of this type of storage include high-speed access to data and greater control over data availability. A disadvantage is that additional space is required at the local site to store the data.
– Remotely managed storage: Advantages of this type of storage are that it may be used as an off-site backup, it offers global access (depending upon configuration), and adding storage will not require additional space at the local site. However, if the network providing connectivity to the remote data is interrupted, there will be data availability issues, unless distributed file systems are in use.

Page 72: Data center proposal

Cost:

Description          Material cost   Labor cost   Total cost
Engineering          3,00,000        2,00,000     5,00,000/-
Web server           1,00,000        1,00,000     2,00,000/-
All Devices & wire   12,00,000       8,00,000     20,00,000/-
Network equipment    4,00,000        1,00,000     5,00,000/-
Database Server      5,00,000        1,00,000     6,00,000/-
App server           1,00,000        4,00,000     5,00,000/-
CCTV system          2,00,000        50,000       2,50,000/-
Total                                             45,50,000/-

Page 73: Data center proposal

Thank you for giving your precious time.