UCL Data CentresInfrastructure Design

James Clements Emma Cardinal-Richards

Areas Covered

• Background• Design Process• Routing and Site Connectivity• Application Delivery Controllers• Switching• Storage• Security

Background

• Extensive dark fibre network• One logical data centre• Simplicity for applications• Stretched failure

Design Process

• Requirements Gathering• Current State• Vision• Plan• Design Validation • Business Validation

The White Paper: Key elements

• Active-Active• Disaster Recovery• No Cross DC Dependency• Symmetric architecture where possible• Auto-failover where possible• Converged Networking where available

Campus Network

Routing (Logical)

Routing (Physical)

SLB Current State

• Cisco Application Control Engine Service Modules

Application Delivery Controllers

• Essential for multi-site data centres• PoC market leaders• F5 solution selected

Future State - GSLB

• DNS-Based multi-site load balancing• Active/Active• Client location• Load distribution• Site failover

Future State - SLB

• No need to use the ADC to route• Service

optimisations • Delegated

administration

Switching Current State

Switching – Production Design• Leaf Spine Architecture• Nexus 5K• Fabricpath• VPC+• Dynamic FCoE

• New (but familiar) VM hosting platform

• New (but familiar) storage platform

• Decoupling the DCs

• Partially new software stack

Torrington Place 1 Wolfson House SloughTorrington Place #

Infrastructure Platform Vision

Storage Area Networking (SAN)

• Converged Networking (FCoE)• Collaborative working• Keeping existing storage design concepts• Dynamic FCoE over FabricPath • SANs existing within 1 Data Centre• Cisco Data Centre Network Manager

Security from a ISG view

Security – Network Style

Security ZonesSimplified!

FIREWALL

INTERNET

DATACENTRE

CAMPUS

RESEARCH

FIREWALL

INTERNET

DATACENTRE

CAMPUS

RESEARCH

SLOUGHTORRINGTON

PLACE

Standardised Service Design

• Separate IP space per datacentre for both IPv4 and IPv6• Symmetrical networks• Standardisation• Layered application design• Security

Service LayersPresentation Layer

Application Layer

Additional Service Layer

Data Layer

Clie

nts / E

xter

nal A

cces

sBl

ocke

d by

fire

wal

l by

defa

ult

Man

agem

ent L

ayer

VPN

Appl

icati

on D

eliv

ery

Cont

rolle

r

Client Traffic Service Traffic (direct or load balanced) Management Traffic Key

Current Layer NewApplications

Ad-hoc ACLs Network Security Firewall, ACLs, Zoned, SecuredApplication specific, secured by application, complex

Networking Layout Standard, Secure by Design, IPv6 Ready, Consistent

Not Required Global Server Load Balancing (GSLB) F5 BigIP GTMCisco ACE Server Load Balancing (SLB) F5 BigIP LTM

Split HA/BH Stacks, Non-representative Development

Hardware Stacks Single Converged Stack, Representative Development

VMware vSphere ESXi Virtualisation VMware vSphere ESXiVMware vSphere ESXi Virtual Mobility SRM or Zerto or VeeamNot Used Virtualisation Insights VMware Operations ManagerIBM HS22/23 Blades in BladeCentre-H Virtualisation Hardware Lenovo x240 Blades in Flex Chassis

Separate Ethernet/Storage Network Interconnect Converged Network AdaptorsIBM DS5100/v7000 G1/SVC Storage IBM v7000 G2/SVCSynchronous Everywhere Storage Replication AsynchronousIBM/Brocade Fibre Channel SAN Storage Networking Cisco Nexus ConvergedCisco Catalyst Ethernet Networking Cisco Nexus Converged NetworkOne Logical Site across Two Physical Physical Location Two Distinct Physical Sites

Physical Data Centres

</presentation>

• Thanks to all the (uncredited!) people from whom we have ‘borrowed’ drawings, photos etc.

• Even more thanks to all at JISC/Janet and Infinity who have been very understanding and accommodating of our shifting requirements and sometimes unusual requests.

Contact

James ClementsNetwork Core Services Managerjames.clements@ucl.ac.ukEmma Cardinal-RichardsSenior Network Architecte.cardinal-richards@ucl.ac.uk