Solution Brief • Telcos and service providers must separate billing, CRM, payment systems, reseller portals, and application hosting environments. • Financial organizations need to isolate client details and partition trading, whole- sale, and retail banking. • Governments must partition records for taxation, welfare, healthcare, education, defense, and so on. How can you be certain that applications, data, and customers are securely isolated as you migrate critical applications to an infrastructure in which servers, networks, and storage are all shared resources? THE SOLUTION A secure, virtualized dynamic data center NetApp, Cisco, and VMware have partnered to create a unique service-oriented infra- structure (SOI) that includes all server, storage, and networking hardware and software to facilitate sharing, reuse, and dynamic resource allocation. Our SOI mini- mizes the risk of making the transition to a cloud infrastructure while delivering the advanced capabilities you need to succeed. THE CHALLENGE Today’s IT infrastructure too often suffers from siloed server and storage resources— leading to low utilization, gross inefficiency, and an inability to respond quickly and flexibly to changing business needs. The arrival of cloud computing—and the adoption of cloud infrastructure to deliver IT as a service in data centers of all types— promises to overcome these limitations and reduce future IT spending by as much as 47%. However, lack of confidence that data and applications will be securely isolated has been a major impediment to adoption of cloud-based services: • Large enterprises need to isolate HR records, finance, customer credit card details, and so on. • Organizations must make sure of the separation of business unit applications and data. • Outsourced development requires sepa- rate areas for each development activity. • Healthcare organizations must make sure of patient record confidentiality. • Universities need to partition examinations, enrollment details, and commercial research. NetApp, Cisco, and VMware Deliver End-to-End Secure Multi-Tenancy KEY FEATURES Three industry leaders, one architecture An architecture to support secure isolation and security for multi-tenant environments NetApp MultiStore Storage security and isolation for data and applications NetApp Data Motion Always-on data mobility Cisco Unified Computing System Integrated network, compute, and storage access Cisco Nexus Series Switches Data center–class switches that provide end-to-end, role-based fabric security with TrustSec Cisco SAFE Security reference architecture for building highly secure and reliable networks VMware vSphere A secure cloud operating environment VMware vShield Zones Secure, isolate, and segment virtual machines and vApps
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Solution Brief
• Telcosandserviceprovidersmustseparatebilling,CRM,paymentsystems,resellerportals,andapplicationhostingenvironments.
• Financialorganizationsneedtoisolateclientdetailsandpartitiontrading,whole-sale,andretailbanking.
• Governmentsmustpartitionrecordsfortaxation,welfare,healthcare,education,defense,andsoon.
Howcanyoubecertainthatapplications,data,andcustomersaresecurelyisolatedasyoumigratecriticalapplicationstoaninfrastructureinwhichservers,networks,andstorageareallsharedresources?
THE SOLUTION
A secure, virtualized dynamic data centerNetApp,Cisco,andVMwarehavepartneredtocreateauniqueservice-orientedinfra-structure(SOI)thatincludesallserver,storage,andnetworkinghardwareandsoftwaretofacilitatesharing,reuse,anddynamicresourceallocation.OurSOImini-mizestheriskofmakingthetransitiontoacloudinfrastructurewhiledeliveringtheadvancedcapabilitiesyouneedtosucceed.
THE CHALLENGE
Today’sITinfrastructuretoooftensuffersfromsiloedserverandstorageresources—leadingtolowutilization,grossinefficiency,andaninabilitytorespondquicklyandflexiblytochangingbusinessneeds.
Thearrivalofcloudcomputing—andtheadoptionofcloudinfrastructuretodeliverITasaserviceindatacentersofalltypes—promisestoovercometheselimitationsandreducefutureITspendingbyasmuchas47%.
However,lackofconfidencethatdataandapplicationswillbesecurelyisolatedhasbeenamajorimpedimenttoadoptionofcloud-basedservices:
• LargeenterprisesneedtoisolateHRrecords,finance,customercreditcarddetails,andsoon.
• Organizationsmustmakesureoftheseparationofbusinessunitapplicationsanddata.
• Outsourceddevelopmentrequiressepa-rateareasforeachdevelopmentactivity.
• Healthcareorganizationsmustmakesureofpatientrecordconfidentiality.
• Universitiesneedtopartitionexaminations,enrollmentdetails,andcommercialresearch.
NetApp,Cisco,andVMwareDeliverEnd-to-EndSecureMulti-Tenancy
KEY fEATUrES
Three industry leaders, one architectureAnarchitecturetosupportsecureisolationandsecurityformulti-tenantenvironments
NetApp MultiStoreStoragesecurityandisolationfordataandapplications
NetApp Data MotionAlways-ondatamobility
Cisco Unified Computing SystemIntegratednetwork,compute,andstorageaccess
Cisco Nexus Series SwitchesDatacenter–classswitchesthatprovideend-to-end,role-basedfabricsecuritywithTrustSec
Cisco SAfESecurityreferencearchitectureforbuildinghighlysecureandreliablenetworks
VMware vSphereAsecurecloudoperatingenvironment
VMware vShield ZonesSecure,isolate,andsegmentvirtualmachinesandvApps
Keyfeaturesincludeanefficient,always-oninfrastructurewithelasticscalability;inte-grateddataprotection;advancedautoma-tion;andtheabilitytotransparentlymigratebothapplicationsanddataacrosstheinfrastructure.Wehavebroughttogetheryearsofcombinedexperiencetocreateamulti-tenantSOIinwhichseparateappli-cationsorcustomerscansharethesameserver,storage,andnetworkinginfrastruc-turewithcompleteisolationsosensitiveinformationisnevercompromised.
Theindividualtechnologiesare—bythem-selves—thebesttheindustryhastooffer.Together,thesetechnologiesofferuniquesynergiesthatgreatlysimplifythedeploy-mentandmanagementofITinfrastructureandapplicationswith:
• Unmatchedend-to-endsecurityandisolationinvirtualizedenvironments
• Simplified,unifiedarchitecture• Lowercost• Greaterbusinessagility• Lessrisk
THrEE INDUSTrY LEADErS, ONE SECUrE ArCHITECTUrE
Thetraditionalapproachtoguaranteeingapplicationisolationrequiresdedicated,isolatedhardware.Acloudinfrastructuredemandsstrictisolationbetweendifferentclients,businessunits,departments,securityzones,andlayersinthree-tieredWebarchi-tectures—aswellastheabilitytoseparateproductionoperationsfromQA,develop-ment,andsoon.Securemulti-tenancyenablesyoutopartitionasharedinfrastruc-tureinwhateverwaymakessenseforyourbusiness.Dataanddataaccessaresecurelyisolated,andworkloadperformanceismaintained.
requirementsaremetbyasinglestoragesolution,soyouapplythesamehardware,software,people,andprocessestomeetallyourstorageneedsandachievealevelofefficiencythatsimplyisnotpossiblewithothervendors’solutions.Innovativesoftwarehelpsyoumeetspecificobjectivesforautomation,dataprotection,andsecurity.
Secure storage multi-tenancyNetApppioneeredtheideaofsecurestoragemulti-tenancyoversevenyearsagowiththeintroductionofNetAppMultiStoretechnology,providingalevelofsecurityandisolationforvirtualizedstoragecomparabletophysi-callyisolatedstoragearrays.Over20,000MultiStorelicenseshavebeensold.
MultiStoreletsyoucreatemultiple,completelyisolatedlogicalpartitionsonasinglecost-effectiveEthernet-basedstoragesystem,soyoucansharestoragewithoutcompromis-ingprivacy.Theresultsaresecure,sharedcloudstorageandincreasedstorageutiliza-tion.Individualstoragecontainerscanbemigratedindependentlyandtransparentlybetweenstoragesystems.
NetAppDataMotionisaperfectcomple-menttoVMwareVMotion™andVMwareStorageVMotion.WithNetAppDataMotionyoucanmigrateentireVMwaredatastoresbetweenstoragesystemstobalanceload,expandstoragecapacity,orrefreshtechnology withoutdisruption.
CISCO: SECUrE, UNIfIED COMPUTING
Today,ITorganizationsassembletheirdatacenterenvironmentsfromindividualcompo-nents.Theiradministratorsspendsignificantamountsoftimemanuallyaccomplishingbasicintegrationtasksratherthanfocusingonmorestrategic,proactiveinitiatives.
TocreateourSOI,NetApp,Cisco,andVMwaretookaholisticapproachthatallowsdatastorage,networkfabric,andvirtualserverstobeefficientlyshared.Inamulti-tenantenvironment,virtualmachines(VMs)orgroupsofVMsaresecurelyisolatedfromotherVMsorgroupsofVMsusingVMware® vShieldZonestechnology.Oncesecurelyisolated,VMsareconnectedtostoragesystemsthroughanetworkthatisseg-mentedandsecuredusingtheCisco®Nexusfamilyofproducts.ThestoragevFiler™unitstowhichtheyconnectarealsosecurelyisolatedfromothervFilerunitsusingNetApp® MultiStore™technology,whichresultsinanend-to-end,secureisolatedstoragesystem.
Asindustryleadersintheirrespectivefields,eachpartnercontributesproventechnologytomakesureofend-to-endsecurity.WithourSOI,wehavecombinedtechnologiesthatprovidelayersofisolation—inmanycasesproventhroughyearsofuse—intoasinglearchitecturewithsecureisolationofdigitalassetsandresourcesinflightandatrest.
ClosecollaborationandcarefulintegrationeliminatethecomplexityoftraditionalITinfrastructureinfavorofstandardizedcom-ponentsandconsistentmanagementprac-ticesthatloweracquisitionandoperatingcosts,reducestaffskillsetrequirements,shortenprovisioningtimes,andincreaseresourceutilization,allwhileprovidinggreatersecurity.
NETAPP: SECUrE CLOUD STOrAGE
Thetypicalapproachtostorageforcesyoutobuydifferentstoragesystemstoaccom-modatedifferentneeds.WiththeNetAppUnifiedStorageArchitecture,allstorage
“T-Systems’DynamicServicesdeliversecureandreliablecloudservicestoourcustomers.WithNetAppsystems,NetAppMultiStore,CiscoNexusproducts,andVMware,ourdatacentersareabletoprovidesharedyetsecurecloudsofserver,network,andstorageresources.”Klaus rubikHeadofEngineeringandSystemsManagement,T-Systems
Cisco’sUnifiedComputingarchitectureisanext-generationdatacenterplatformthatunitescompute,network,storageaccess,andvirtualizationinacohesivesystemdesignedtoreducetotalcostofownershipandincreasebusinessagility.TheCiscoUnifiedComputingSystem®seamlesslyintegrateswithCisco’sNexusSeriesofdatacenter–classswitches.
Cisco unified fabricAtypicaldatacenterenvironmentsupportsthreeorfourparallelnetworks:onefordata,oneforstorage,oneformanagementnet-work,andpossiblyoneforserverclustering.Thisincreasesmanagementcomplexityandimposessignificantcostsforinterfaces,cabling,rackspace,upstreamswitches,power,andcooling.
Unifiedfabricconsolidatesthesedifferenttypesoftrafficontoasingle,general-purpose,high-performance,highlyavailable10-GigabitEthernetnetworkthatgreatlysimplifiesnetworkinfrastructureandreducescosts.Todoallthis,aunifiedfabricmustbeintel-ligentenoughtoidentifydifferenttypesoftrafficandhandlethemappropriately.Cisco’sunifiedfabricdeliversahigherlevelofperformancewhileguaranteeingtheisolationandsecurityofbothuseranddatatraffic.
Cisco Nexus 1000V virtual switchesCiscoNexus1000VSeriesSwitchesareanintelligentsoftwareswitchimplementationforVMwarevSphere™environments.Operat-inginsidetheVMwareESXhypervisor,theCiscoNexus1000VSeriessupportsCiscoVN-Linkservervirtualizationtechnologyforpolicy-basedvirtualmachineconnectivityandmobileVMsecurityandnetworkpolicy.
Cisco Nexus 2000, 5000, and 7000 Series data center switchesTheinnovativearchitectureoftheCiscoNexusSeriesSwitchessimplifiesdatacentertransformationwithastandards-based,high-performance,unifiedGigabitEthernetand10-GigabitEthernetfabricthatconnectsservers,storage,andusers,greatlysimplifyingnetworkmanagementwhiledeliveringadvancedcapabilitieswithend-to-endsecu-rityforallnetworktraffic.CiscoTrustSecprovidesrole-basedsecurityforallnetworktraffic.TrustSecmakesyournetworkfabricroleawarethroughsecureaccesscontrol,aconvergedpolicyframework,andpervasiveintegrityandconfidentiality.
Cisco SAfECiscoSAFEconsistsofdesignblueprintsbasedonCiscoValidatedDesignsandprovensecuritybestpracticesthatprovidethedesignguidelinesforbuildingsecureandfigure 1) Design elements of the secure multi-tenant infrastructure.
ERP HR CRM
• vSphere• vShield Zones• vCenter
• Cisco SAFE• Nexus 1000V• Nexus 2000/5000/7000• UCS• 10GbE
• MultiStore• NetApp Data Motion• 10GbE NFS/iSCSI/FC
VMware VMware VMware
Formoreinformationvisit www.imaginevirtuallyanything.com.
reliablenetworkinfrastructures.Multiplelayersofsecuritycontrolsareimplementedthroughoutthenetworkunderacommonstrategyandadministration.CiscoSAFEusestheCiscoSecurityControlFramework,acommonframeworkthatdrivestheselectionofproductsandcapabilitiesthatmaximizevisibilityandcontrol,thetwomostfunda-mentalaspectsdrivingsecurity.Thisframe-workfacilitatestheintegrationofCisco’srichportfolioofsecurityservicesdesignedtosupporttheentiresolutionlifecycle.
VMWArE: SECUrE VIrTUALIZATION
Servervirtualizationisintegraltothedevel-opmentofacloudcomputinginfrastructure.VMwarecontinuestoleadthewaywithvalue-addedcapabilitiesthatfosternewwaysofdoingbusiness.
VMware vSphereBringthepowerofcloudcomputingtoyourITinfrastructurewithVMwarevSphere,thenextevolutionarystepinITcomputingandthemosttrustedvirtualizationplatformavailable.Builtonaprovenvirtualizationplatform,vSphereprovidesafoundationforbothinternalandexternalclouds,
usingfederationandstandardstobridgecloudinfrastructuresandcreateasecureprivatecloud.
VMware vNetwork Distributed SwitchTheVMwarevNetworkDistributedSwitchmaintainsthenetworkruntimestateforVMsastheymoveacrossmultiplehosts,enablinginlinemonitoringandcentralizedfirewallservices.Itprovidesaframeworkformoni-toringandmaintainingthesecurityofvirtualmachinesastheymovefromphysicalservertophysicalserverandenablestheuseofthird-partyvirtualswitchessuchastheCiscoNexus1000Vtoextendfamiliarphysicalnetworkfeaturesandcontrolstovirtualnetworks.
VMware vShield ZonesVMwarevShieldZonesisacentrallyman-aged,statefuldistributedvirtualfirewallbundledwithvSpherethattakesadvantageofESXhostproximityandvirtualnetworkvisibilitytocreatesecurityzones.VMwarevShieldZonesintegrateswithVMwarevCenter™andleveragesvirtualinventoryinformationsuchasvNICs,portgoups,clusters,andzonestosimplifyfirewallrulemanagementandtrustzoneprovisioning.
PrOVEN PArTNErSHIPS
ThisSOIisnottheresultofneworuntestedrelationships.NetApp,Cisco,andVMwarehaveworkedcloselywitheachotherforyears,forgingprovenrelationshipsthatresultinsuperiortechnologyandtheabilitytopro-videcoordinatedsupportwithoutneedlessfingerpointing.
Tofacilitatedeliveryoftheservice-orientedinfrastructure,wehavequalifiedateamofsystemintegratorstohelpyoudirectlyassessyourneedsandplanandimplementallelementsoftheinfrastructure,custom-tailoredforyourbusiness.Dependingonyourpreferences,youcanmakeacompletetransformationorevolveyourexistinginfrastructurestepbystep.
GETTING STArTED
Tolearnmoreaboutoursecuremulti-tenancysolution,readtheSecureCloudArchitectureOvervieworcontactyourlocalNetApp,Cisco,orVMwarerepresentative.
©Copyright2010NetApp,Inc.Allrightsreserved.NoportionsofthisdocumentmaybereproducedwithoutpriorwrittenconsentofNetApp,Inc.NetApp,theNetApplogo,Gofurther,faster,MultiStore,NetAppDataMotion,andvFileraretrademarksorregisteredtrademarksofNetApp,Inc.intheUnitedStatesand/orothercountries.VMwareisaregisteredtrademarkandVMotion,vSphere,andvCenteraretrademarksofVMware,Inc.CiscoandUnifiedComputingSystemareregisteredtrademarksofCiscoSystems.Allotherbrandsorproductsaretrademarksorregisteredtrademarksoftheirrespectiveholdersandshouldbetreatedassuch.DS-2953-0910
Related Documents
