Understanding the HP CloudSystem - Reference Architecture
8/20/2019 Understanding the HP CloudSystem - Regerence Architecture
Understanding the HP CloudSystem Reference Architecture
White paper
Table of contents
1. Introduction
2. CloudSystem overview
3. Basic CloudSystem architecture
4. HP CloudSystem Matrix
5. HP CloudSystem Enterprise
   CloudSystem Enterprise core
   CloudSystem Enterprise block diagram
   Cloud Service Automation: delivery and demand layers
   CloudSystem Enterprise portals and interfaces
   HP Cloud Maps
6. HP CloudSystem Service Provider
   Aggregation Platform for SaaS (AP4SaaS)
   CloudSystem Service Provider portals and interfaces
7. HP CloudSystem extensions
8. Summing up
9. Resources
Appendix: HP CloudSystem details at a glance
[Figure 2 diagram labels. Core: HP Cloud Service Automation + HP Matrix Operating Environment + HP BladeSystem. Sample extensions: scalable utility storage (HP 3PAR); high-performance fabric (HP Networking); mission-critical computing (HP Integrity); regulatory compliance, application readiness, and cybersecurity (HP ArcSight and HP Fortify); securing physical and virtual; and many more.]
Each of these offerings is available as a small, medium, or large configuration, and each can be modified and expanded with additional hardware and software from HP and third parties, making CloudSystem suitable for virtually any desired variety or scale of cloud services.
The offerings all provide scalable and elastic IT-enabled capabilities, which can be delivered as a service to customers using the Internet or an intranet.
Expandable and extensible
As illustrated by the example in Figure 2, each offering consists of a core platform and a number of extensions. The core HP CloudSystem platform is built on key elements of HP’s Converged Infrastructure, including HP BladeSystem, the Matrix Operating Environment, and Cloud Service Automation. That core platform is fully extensible via other elements of the Converged Infrastructure portfolio, including storage, security, networking, mission-critical computing, and aggregation technologies.
A fast track to create service catalogs with Cloud Maps
HP Cloud Maps are an important CloudSystem capability. These provide tools and best practice that enable CloudSystem to quickly and easily create service catalogs for various kinds of comm application environments from major vendors such as Oracle, SAP, and Microsoft®. Cloud Maps can substantially reduce the time and effort needed to develop a catalog of CloudSystem services. (For information, see page 10.)
3. Basic CloudSystem architecture
In cloud computing, scalable and elastic IT-enabled capabilities are delivered as a service to customers using the Internet or an intranet. The most important capabilities are a self-service portal; a pool of shared resources; automated provisioning, flexing, and release of those resources; a facility to meter and charge for usage; and ubiquitous access. HP CloudSystem provides these capabilities using
Figure 2. An HP CloudSystem is easily expanded with hardware and software extensions.
Cloud models
HP CloudSystem offerings cover the full range of cloud models, including:
• IaaS: infrastructure as a service, in which the computing infrastructure, including physical and virtualized servers, storage, and networking, is delivered as a service.
• PaaS: platform as a service, where an entire computing platform, including infrastructure and a solution stack and development platform, is delivered as a service.
• SaaS: software as a service, which makes available not only the infrastructure and the platform, but also software applications running on that platform.
Figure 3. HP CloudSystem’s three-layer structure includes supply, delivery, and demand layers.
the three-layer architecture shown in Figure 3, which enables IT as a service. Within this architecture:
• The supply layer provides all the infrastructure services for CloudSystem; this is where the physical and virtual assets reside.
• The delivery layer provides application service delivery.
• The demand layer contains the self-service portals and is where services are actually consumed by end users or subscribers.
HP CloudSystem is based on the HP Converged Infrastructure. Employing a shared services model, with pools of compute, storage, and network resources, the Converged Infrastructure is an ideal foundation for cloud computing.
From a management perspective, CloudSystem provides a complete management environment to help ensure the cloud service meets the needs of the end user. In addition to automated provisioning and resource management, extensions allow a cloud service based on CloudSystem to offer such added features as governance, application readiness, service monitoring, and enhanced security.
4. HP CloudSystem Matrix
HP CloudSystem Matrix is an entry cloud solution for customers who want to set up their own private cloud. This offering enables quick deployment of a private IaaS solution featuring a self-service infrastructure portal for auto-provisioning, along with built-in lifecycle management to optimize infrastructure, manage the resource pool, monitor applications, help ensure uptime.
Supply layer: The infrastructure services of CloudSystem are based around HP BladeSystem technology with the Matrix Operating Environment (Matrix OE). For more details about the CloudSystem infrastructure, see section 5, HP CloudSystem Enterprise. CloudSystem can also support heterogeneous infrastructure.
Delivery and demand layers: In the HP CloudSystem Matrix offering, service delivery and the mechanism for service consumption are provided by the Matrix OE, which supports both HP and heterogeneous environments. For providing Infrastructure as a Service (IaaS) with basic application service delivery, the Matrix Operating Environment is tightly integrated with Cloud Service Automation for Matrix, which consists of Server Automation and SiteScope.
The HP CloudSystem Matrix offering is a complete private cloud solution and includes all the features expected in the cloud: an infrastructure-centric self-service portal; a pool of shared resources; automated provisioning, flexing, and release; metering for u and ubiquitous access. Customers who want to get started as quickly as possible can use HP CloudS a service offering that allows them to be delivering secure private cloud services within 30 days based on a CloudSystem Matrix implementation, comp with up to four compute services, storage integra backup policies, security policies, and usage metering and reporting.
[Figure 3 diagram labels: Demand layer (service consumption); Delivery layer (service delivery); Supply layer (infrastructure services): storage, power and cooling, network, servers.]
5. HP CloudSystem Enterprise
This section provides a detailed view of the HP CloudSystem Enterprise offering. Like all CloudSystem offerings, CloudSystem Enterprise employs the three-layer architecture, with supply, delivery, and demand layers, and includes both a core offering and a number of extensions.
CloudSystem Enterprise core
The CloudSystem Enterprise core is built on the modular HP BladeSystem architecture, and includes the highly automated Matrix Operating Environment (Matrix OE) that enables rapidly provisioning complex infrastructure services and adjusting them to meet changing business demands. HP Cloud Service Automation software manages the entire cloud lifecycle, including orchestrating infrastructure and application provisioning. Cloud Service Automation anchors the delivery and demand layers of CloudSystem Enterprise; its roles include provisioning the application, managing and monitoring the cloud, and releasing resources back to the cloud.
CloudSystem Enterprise block diagram
The block diagram in Figure 4 illustrates the architecture of the CloudSystem Enterprise offering. The diagram shows how Cloud Service Automation software is linked to Matrix OE and to CloudSystem extensions.
Supply layer: The supply layer provides for service delivery of infrastructure elements such as compute, network, storage, and other resources both physical and virtual. These infrastructure elements may be hardware and virtualization, or they may be provided by a customer’s existing infrastructure or by third parties, including public clouds.
Figure 4. CloudSystem architecture includes the supply, delivery, and demand layers. This illustration shows details of HP CloudSystem Enterprise architecture.
[Figure 4 diagram labels. Layers: Demand (service consumption); Delivery (service delivery); Supply (infrastructure services). Components shown: user experience; subscriber; Line of Business portal; service designer; infrastructure designer; app designer; Matrix infrastructure portal; service catalog; templates; Cloud Maps; CSA; cloud service delivery; Cloud Controller interface; Advanced Allocation Manager; OO; Activation; Application Deployment Management; Application Lifecycle Management; DMA; Server Automation; Network Automation; Storage Essentials; SiteScope; CMS/UCMDB; Assurance: Business Service Management; Security: ArcSight; Traditional ITSM: Service Manager; IaaS Burst; Matrix OE; MS Hyper-V; VMware vSphere/vCenter. Supply resources: servers (C-class, rackmount, ProLiant); mission critical (Integrity); storage (3PAR, EVA, XP); network (A12500, A5800, A5100); security (TippingPoint N, vController, vFW). Legend: HP; Matrix; HP extensions; third-party extensions; non HP. OE: Operating Environment; DMA: Database and Middleware Automation; OO: Operations Orchestration; CMS: Configuration Management System.]
Figure 6. HP CloudSystem’s supply (infrastructure) layer is built on HP BladeSystem and Matrix OE.
• Protecting continuity of services: The Matrix OE protects quality of service and offers continuity of services with a wide spectrum of high-availability and recovery solutions. These solutions range from server-aware and application-aware availability solutions, to disaster recovery solutions for both physical and virtual server environments.1
HP Matrix OE also includes the essential server management delivered by HP Insight Control, which unlocks the management capabilities built into HP servers. Insight Control enables the user to proactively manage server health—whether physical or virtual—and deploy servers quickly, optimize power consumption easily, and control servers from almost anywhere. Matrix OE also leverages HP Virtual Connect Enterprise Manager (VCEM). This tool centralizes connection management and workload mobility for HP BladeSystem servers that use Virtual Connect to access LANs, SANs, and converged network infrastructures.
Cloud Service Automation: delivery and demand layers
The delivery and demand layers of CloudSystem architecture are primarily provided by HP Cloud Service Automation. It is Cloud Service Automation that imbues CloudSystem with its hybrid and public cloud capabilities.
Cloud Service Automation is a software solution for managing the entire cloud service lifecycle, including provisioning the infrastructure either th extension to one or several Matrix OE systems, or into non-matrix infrastructure pools; provisioning application; provisioning, patching, and ensuring compliance of business and complex custom applications; managing and monitoring the cloud and releasing resources back to the cloud. Extensions to this software can add further service assurance, enhanced security, storage management, and network management. Cloud Service Automation helps to maximize the agility offered by cloud technolog and minimize the risks and costs of cloud adoption.
1 HP ProLiant server blades are protected by the included the Matrix recovery management capability, while HP Integrity server blades are protected by the available HP Serviceguard portfolio.
[Figure 6 diagram labels. HP BladeSystem c7000. Management: management host running Matrix OE; includes infrastructure portal and infrastructure lifecycle management. Compute: choose blade computers from the world’s most extensive portfolio; easily add more infrastructure resources when needed. Network: Virtual Connect FlexFabric (redundant Ethernet and Fibre Channel); connect to any standard Ethernet or Fibre Channel network. LAN and SAN. Storage: compatible with any Matrix-supported shared storage; HP 3PAR Utility Storage highly recommended.]
HP Cloud Service Automation orchestrates the deployment of compute resources and complex multi-tier application architectures. It integrates and leverages the strengths of several mature HP management and automation products, adding workload management, service offering design, and a customer portal, to create a comprehensive service automation solution.
Within HP CloudSystem, Cloud Service Automation provides:
• Scalable architecture: Cloud Service Automation is a highly flexible, scalable architecture that can support heterogeneous environments.
• Automated provisioning: Cloud Service Automation orchestrates provisioning of servers, network, and storage across Matrix OE resource pools and enables monitoring of configured services. Administrators can further automate application provisioning and configuration as well as utilize industry best practice templates in the Matrix OE.
• Role-based portals and interfaces: The software includes a variety of role-based portals and interfaces for building and consuming both private and public cloud services.
• Extensible platform: The flexible platform can be extended with support for service assurance, application lifecycle management, governance, and security.
• Database for configuration management: The HP Universal Configuration Management Database (UCMDB) provides advanced configuration management that models configuration items (CIs) for the service architecture that has been built, allowing them to be shared with other applications.
• Automation of content library and management: HP Database and Middleware Automation (DMA) provides a content library for database and middleware management. DMA provisions simple and complex application architectures, including DMA content, onto existing infrastructure. After applications—especially middleware—have been provisioned and are up and running, DMA can manage those applications, providing pre-packaged workflows for application patching, compliance, and code release—eliminating the need for manual customization. DMA puts processes and procedures in place for managing applications, such as those from Oracle or Microsoft, when they are in production, and links them into the monitoring process and the general understanding of the contents of the UCMDB. DMA helps IT administrators answer questions such as:
– How do I expand table spaces?
– How do I reconfigure disk configurations?
– How do I know if all necessary patches have been applied?
These are standard queries that normally require expensive manual intervention to answer. With DMA they are all wrapped up into very simple operations that the IT administrator can choose from a menu. The administrator answers a few questions and t proceeds to manage and monitor all the details in particular installation.
• Agentless monitoring: HP SiteScope provides agentless monitoring of an infrastructure platform and an application’s key performance indicators, such as CPU, disk, and memory usage.
• Provisioning, patching, and compliance of simple or complex application architectures: HP Server Automation with HP Application Deployment Manager (ADM) provisions simple and complex application architectures, including DMA content, onto the existing infrastructure. HP Server Automation is also capable of OS provisioning. In addition, HP Server Automation automates ongoing lifecycle management of a deployed operating system or application with policy-based patching and compliance capabilities.
Because it significantly brings down the cost of running servers, HP Server Automation is normally run on all HP CloudSystem servers. While the default is to have HP Server Automation on, customers can also turn it off, if desired.
Figure 7. The service designer uses handy graphical representations to construct and stand up services.
CloudSystem Enterprise portals and interfaces
To be truly effective, a cloud service needs to have different groups engaging with the service in different ways. For this reason, HP CloudSystem provides a variety of role-based portals and interfaces. Role-based portals and interfaces enhance the user experience for designing, building, and consuming private and public cloud services.
Among the interfaces HP CloudSystem provides are those for consumers of services, service designers, service assurance, and IT administration—four areas companies need to address in order to manage a cloud service. Examples of some of the interfaces are shown in Figure 7 and Figure 8.
HP Cloud Maps
Cloud Maps are pre-configured infrastructure-to-application service definitions that simplify, optimize, and accelerate the creation of your CloudSystem service catalog. Cloud Maps fast-track the automation of business applications, saving days or weeks of time, while ensuring accurate deployment, configuration, and sizing of your cloud services.
HP has worked closely with our ISV partners to develop service definitions that encapsulate proven best practices for deploying specific database, middleware, and applications—such as Oracle RAC, Oracle WebLogic, Microsoft SQL, Microsoft Exchange, SAP NetWeaver, and many others—architecting the optimal mix of infrastructure, platform, and application configuration.
For up-to-date information on Cloud Map availability, see: http://www.hp.com/go/cloudmaps
6. HP CloudSystem Service Provider
HP CloudSystem Service Provider is a cloud solution that enables service providers to deliver a public cloud infrastructure as a service and software as a service, including aggregation and management of those services. A service provider can create IaaS and SaaS offers via a multi-tenant environment and provide those offers via a portal. CloudSystem Service Provider also allows organizations to enable provisioning and access and control, and to bill to multiple tenants.
Supply layer: As with other CloudSystem offerings, the Service Provider infrastructure services are based on HP BladeSystem technologies, along with the Matrix Operating Environment (Matrix OE). (For more details about the CloudSystem infrastructure, see section 5, HP CloudSystem Enterprise, starting on page 6).
Service delivery and consumption: As with CloudSystem Enterprise, in HP CloudSystem Service Provider the application service delivery (the delivery layer) and the mechanism for service consumption (the demand layer) are provided by Cloud Service Automation.
Aggregation Platform for SaaS (AP4SaaS)
The Aggregation Platform for SaaS is a key component of the HP CloudSystem Service Provider offering. The HP AP4SaaS serves as the single point of access for all applications (SaaS and hosted services), delivering a “one stop shop” for cloud service providers.
This platform allows cloud service providers and large enterprises to manage the complete lifecycle of their compute and other cloud services products and bundles. The platform enables product creation based on service templates that are generated by utilizing the underlying CloudSystem software and hardware.
The Aggregation Platform for SaaS enables the distribution, subscription, and consumption of IaaS, SaaS, and other on-demand cloud services, and it also contains flexible charging functions that enable the service provider to offer a variety of pricing schema for cloud services. Moreover, AP4SaaS is a common platform from which service providers can deliver compute-on-demand and other IaaS and hosted services, as well as third-party SaaS services.
Figure 8. Consumers and business users have a convenient, easy-to-use dashboard, a list of current subscriptions, and a service catalog for browsing.
The AP4SaaS supports a variety of functions needed to create a public cloud service offering, such as:
• Customer charging through leverage of the service provider’s existing BSS systems.
• Support for charging models relevant to a compute services business model—e.g., flat fee, pay-per-use, etc.
• Reseller support that allows the service provider to manage revenue streams to reseller partners.
• Monitoring of the availability of compute services to guarantee service level agreements.
Using this platform, a service provider’s customers can discover SaaS and hosted services and bundles, run trials, and subscribe to and consume services. The platform also provides an environment for product managers to develop and price bundles and enable efficient lifecycle management of SaaS service and providers.
CloudSystem Service Provider portals and interfaces
Besides other portals and interfaces available in CloudSystem, the Service Provider offering adds other ways to interact with the system, including:
• An administrative portal to be used by service provider product management for product and offer creation and to register and manage SaaS providers.
• A marketplace portal where the service provider’s customers can discover, order, and manage the compute services products and bundles using an easy-to-use Web application.
• A self-service portal with tools for monitoring capacity and power usage, and provision for rebalancing to keep the environment optimized.
These portals can be customized with the service provider’s logo and other information.
7. HP CloudSystem extensions
HP CloudSystem is fully heterogeneous and supports a variety of physical and virtual assets and operating systems. Moreover, all core HP CloudSystem platforms are extensible via the HP Converged Infrastructure portfolio, which includes storage, security, networking, mission-critical computing, and aggregation technologies. Depending on the CloudSystem offering (CloudSystem Matrix, CloudSystem Enterprise, CloudSystem Service Provider), some items liste extensions below may be provided as part of the system or may be available only as an extension “Appendix: HP CloudSystem details at a glance” details.
Operating systems
HP CloudSystem offerings are flexible at the operating system layer and can support Windows®, Linux, HP-UX. Contact HP for certified reference architectures for each OS as they become available.
HP CloudSystem infrastructure
CloudSystem provides a common approach to managing all storage pools and server resources, including HP 3PAR Utility Storage, reducing the manual overhead required to allocate assets for the cloud infrastructure. HP CloudSystem also includes optimized support for HP storage and integrates other technologies to provide a proven, open platform for delivering IT infrastructure services.
The core CloudSystem infrastructure can be expanded and scaled up with additional hardware, such as:
• Servers: Add HP ProLiant or Integrity server blades. CloudSystem can also support virtual machines running on rack-mounted HP ProLiant servers as third-party servers.
• Storage: Add any Matrix-supported shared storage, such as HP 3PAR F-class or T-class Utility Storage, HP EVA, or HP XP storage products. Third-party storage can also be added.
• Networking: For a cloud-optimized networking fabric, add HP Networking components such as A12500, A9500, and A5800 switches. Third-party networking can also be added.
HP 3PAR Utility Storage
HP 3PAR Utility Storage technology is a highly recommended extension for HP CloudSystem. This storage supplies highly scalable, thin provisioned, multi-tenant storage optimized for cloud computing. Customers who are now employing standalone 3PAR storage as a “storage cloud” can use it as a migration point to CloudSystem.
HP 3PAR storage is based on an architecture specifically designed for cloud security and includes resiliency features for constant data availability. Powered by HP 3PAR Utility Storage technology, this Tier 1 storage for cloud computing can deliver virtually unlimited tiered storage capacity and multi-tenant support. It delivers the agility and efficiency required by virtual and cloud data centers.
HP 3PAR storage employs policy-driven tiering technologies that balance cost and performance to meet service level requirements, while increasing business agility and helping minimize risk. It also features autonomic provisioning: that is, the storage is designed to handle volume provisioning and change management autonomically—quickly, intelligently, granularly, and without administrator intervention. Moreover, host-based HP 3PAR software products reduce manual administration by offering autonomic performance and capacity utilization monitoring, and by establishing secure, autonomic communication channels between storage and hosts.
The hardware technology: HP 3PAR storage for HP CloudSystem includes the F-class and T-class products. The HP 3PAR technology in these products is designed to provide the agility, performance, and scalable capacity that is the optimum match for HP CloudSystem.
HP 3PAR storage makes use of thin technologies that can save customers 50 percent or more on the cost of a storage technology refresh by dramatically reducing overall capacity requirements and keeping utilization rates high over time. These thin technologies help minimize not only upfront and ongoing storage costs, but also the cost of housing, powering, cooling, and managing storage.
Some of HP 3PAR’s other hardware features include:
• Mesh-Active controller technology: The Mesh-Active design allows each LUN to be active on every controller in the system. This design delivers r load-balanced performance and greater headroom for cost-effective scalability.
• Fine-grained virtualization: This divides each physical disk into granular allocation units, or 2MB chunklets, each of which can be independently assigned and dynamically reassigned to virtual volumes of different Quality of Service (QoS) This fine-grained virtualization means that each drive can support many QoS levels, so the system can make the most efficient use of physical assets.
• Persistent cache: This eliminates performance impacts resulting from unplanned component failures, making it an excellent choice for maintaining service levels in the virtual data center. This resiliency feature helps to gracefully handle component failures by eliminating the performance penalties associated with “write-through” mode.
The software: With the HP 3PAR extension for HP CloudSystem, customers receive software designed to enhance the agility and efficiency of their utility storage deployment, including:
• HP InForm operating system: It employs advanced internal virtualization to enhance administrative efficiency, system utilization, and storage performance.
• Management console: It simplifies administration through a unified, point-and-click interface that supports HP 3PAR software and provides rich instrumentation for the physical and logical objects within all HP 3PAR storage systems. Figure 9 shows the console.
Storage Provisioning Manager (SPM)
In order to be effective in an increasingly shared, converged, or cloud environment, administrators have to comprehend the differing roles of server and storage admins in IT. Server admins manage and deploy servers and the applications on them. Storage admins look at the health of storage and manage the consumption and protection of data. SPM takes this into account and, with HP CloudSystem Matrix, provides a single solution for both types of admins.
Figure 9. HP 3PAR management console
HP 3PAR Storage and CloudSystem Matrix together with SPM are the best of breed platforms for converged infrastructures and clouds. SPM enables the creation of a Storage Catalog in Matrix that allows the storage admin to establish a set of secure, optimized storage resources that adhere to key storage governance policies. The resources can then be provisioned and utilized by the server admins with minimal interaction. This saves operations time, improves storage efficiency, and maintains a secure, available environment, all in a repeatable, reliable process.
HP TippingPoint security
HP TippingPoint security is another important extension available for HP CloudSystem. TippingPoint technology extends existing security inspection, visibility, and protection to the virtual infrastructure and delivers seamless security for the cloud. This solution enables customers to deploy security policies that automatically adapt to changes in virtual environments, such as introducing a new virtual machine. It offers continuous protection of both the physical and virtual landscape from a single, integrated offering.
TippingPoint IPS: HP TippingPoint technology centers on the Intrusion Prevention System (IPS), an inline security appliance with full inspection of every packet of network traffic that passes through it. The TippingPoint IPS incorporates intrusion protection intelligence from HP’s security research and development organization Digital Vaccine Labs (DVLabs), which regularly provides new filters to guard against the industry’s latest malicious attacks.
The TippingPoint IPS is a vital inline tool for protecting against Web application attacks, malware, and data exfiltration. CloudSystem customers can include TippingPoint extension to protect public, private hybrid cloud offerings, even those that require sc well over 10 Gbps.
Secure Virtualization Framework (SVF): The Secure Virtualization Framework is a combination of products designed to secure the entire data center, including even the virtualized infrastructure. The SVF con
• The physical TippingPoint IPS appliance.
• The Virtual Management Center (vMC), shown in Figure 10 installed on a virtualized host on the management network.
• A virtual controller plus virtual firewall combination (vController+vFW), shown installed on a virtualized host.
The Secure Virtualization Framework provides a single security model for both physical and virtual assets.
TippingPoint Architecture: In Figure 10, the physicalIPS is installed at the perimeter of a simple data centerwith both physical hosts and virtualized hosts, a top-of-rack switch, and a core switch, which could alsobe a distribution switch. This architecture provides theability to inspect all traffic moving into and out of thedata center. The solution can scale from this simpleexample to large global deployments spanning manydata centers across public, private, or hybrid clouds.
The vMC is installed as a virtual machine (VM),even on the same server hosting VMware’s vCenter,the VMware management console. Once thevMC is installed on the management network, itcommunicates with the VMware vCenter. The vMCis able to auto-discover the entire virtualized datacenter, and it can provide real-time visibility of everyvirtualized host and every virtual machine on eachhost. In addition, the vMC provides a logical overviewof the network topology, showing how all of thevirtual machines are interconnected in the data centerand how protection is applied.
One vController+vFW combination is deployed toeach virtualized host from vMC thru vCenter. ThevController+vFW integrates with VMware’s hypervisor
through the VMsafe API, providing a certifiedsupported solution.
Once installed, the vController+vFW introduces firewall policy into the hypervisor that controls traffic in and out of each VM. In this role, vController+vFW can see all traffic coming from any of the application VMs on the virtualized host and allows applying policies. For example:
• Is the traffic permitted or not? If permitted, the traffic is allowed to pass. If not permitted, vFW can block it at the hypervisor level.
• If the traffic is permitted, should it be inspected? To inspect the traffic, the vController redirects traffic via a dedicated VLAN to the physical IPS for inspection.
This solution provides complete enforcement of security policies in both the physical and virtual data centers. And because every vController+vFW in the data center has knowledge of all security redirect policies, the same security posture remains with the VM or application no matter where it moves in the data center. When new VMs are brought up, they can be automatically detected and protected with vController.
Figure 10. The HP TippingPoint extension provides a physical IPS, as well as a virtual controller and firewall for each virtualized host.
[Figure 10 diagram labels: HP TippingPoint IPS; core switch; top-of-rack switch; physical hosts; management network; VMware vCenter; vMC; virtualized host; hypervisor; vSwitch; VMsafe kernel module; redirect policy; application VMs (OS, App); service VM; vController+vFW]
The solution provides these key elements of security required in any virtualized environment:
• Securing the hypervisor from internal threats.
• Protecting against host-to-host threats.
• Protecting against VM-to-VM threats.
• Protection regardless of VM mobility.
High availability is provided at multiple levels throughout the system: the vController monitors that the IPS is active and will bypass inspection if it fails. The IPS will bypass inspection upon failure. And redundant IPSs and paths can easily be deployed.
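The permit/inspect decision and the bypass-on-failure behaviour described above can be modelled in a few lines. This is an added illustration, not HP TippingPoint code or configuration syntax; the rule fields, the VM and host names, the first-match ordering, and the default-deny fallback are all assumptions made for the sketch.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    BLOCK = "blocked at hypervisor"
    PASS = "permitted, not inspected"
    REDIRECT = "permitted, redirected to physical IPS"
    BYPASS = "permitted, inspection bypassed (IPS down)"

@dataclass(frozen=True)
class Rule:              # hypothetical rule shape, keyed on VM identity, not host
    src_vm: str          # "*" matches any VM
    dst_vm: str
    dst_port: int        # 0 matches any port
    permit: bool
    inspect: bool

# Constructed sample policy; every host's vController+vFW holds the same copy.
POLICY = (
    Rule("web-01", "db-01", 3306, permit=True, inspect=True),
    Rule("web-01", "*", 0, permit=False, inspect=False),
    Rule("*", "web-01", 443, permit=True, inspect=True),
)
HOST_POLICIES = {"host-a": POLICY, "host-b": POLICY}

def decide(host, src_vm, dst_vm, dst_port, ips_healthy=True):
    """First matching rule wins; unmatched traffic is denied (assumption)."""
    for r in HOST_POLICIES[host]:
        if (r.src_vm in ("*", src_vm) and r.dst_vm in ("*", dst_vm)
                and r.dst_port in (0, dst_port)):
            if not r.permit:
                return Action.BLOCK
            if not r.inspect:
                return Action.PASS
            # Availability over inspection: permitted traffic still flows if the IPS is down.
            return Action.REDIRECT if ips_healthy else Action.BYPASS
    return Action.BLOCK

def inspection_gaps(flows, ips_healthy):
    """Flows forwarded uninspected during an IPS outage, for audit and alerting."""
    return [f for f in flows if decide(*f, ips_healthy=ips_healthy) is Action.BYPASS]

if __name__ == "__main__":
    flows = [("host-a", "web-01", "db-01", 3306), ("host-a", "web-01", "db-01", 22),
             ("host-b", "client-7", "web-01", 443)]
    for f in flows:
        print(f, "->", decide(*f).value)
    print("uninspected during IPS outage:", inspection_gaps(flows, ips_healthy=False))
```

The BYPASS outcome is the one to log and alert on: during an IPS outage the firewall decision still holds, but permitted traffic crosses without the inspection control. Because the rules name VMs rather than hosts, the same flow gets the same verdict on host-a and host-b, which is the mobility property the text describes.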
Virtual patching: To stay abreast of new threats and vulnerabilities, the HP TippingPoint IPS is updated regularly with Digital Vaccine service. Once vulnerability filters are enabled on the IPS, it is like having all systems in the data center fully patched against the latest vulnerabilities—in essence having a “virtual patch” in place. Any malicious traffic intended to exploit a particular vulnerability is immediately detected and blocked. The solution is highly scalable: the intrusion prevention system can protect thousands of unpatched systems with a single virtual patch. Patching is done seamlessly and quickly, allowing for full testing and deployment of patches as system maintenance schedules permit.
HP Network Automation
Network Automation software helps prevent errors before they occur and delivers measurable cost savings by using process-driven network automation. HP Network Automation automates the complete operational lifecycle of network devices, from provisioning to policy-based change management, compliance, and security administration.
When integrated with CloudSystem, HP Network Automation takes the automation of IT workflows beyond traditional network change and configuration management. It provides an integrated solution that unifies network fault, availability, and performance management with change, configuration, and compliance management along with automated diagnostics.
HP Network Automation supports an exhaustive list of network devices from over 70 vendors—along with virtual devices—providing comprehensive network change and configuration management coverage for an extensive range of physical and virtual hardware. HP Network Automation enables a resilient, maintainable, and cost-effective network that is compliant with both company standards and government regulations.
HP Network Automation is available as an extension to the HP CloudSystem Matrix and CloudSystem Enterprise offerings and is included in CloudSystem Service Provider.
HP Storage Essentials
Storage Essentials is a CloudSystem extension that provides comprehensive storage resource management and storage automation for CloudSystem’s physical and virtual infrastructure. It improves efficiency in managing, visualizing, and reporting on the CloudSystem storage environment and infrastructure.
HP Storage Essentials integrates with Operations Orchestration, applying pre-packaged storage operations and workflows to automate repetitive, time-consuming storage tasks. In conjunction with UCMDB, Storage Essentials can record SAN changes and audit SAN configuration compliance, revealing the potential impact of changes before they occur.
Storage Essentials also works to monitor the health and availability of storage hosts, switches, and arrays, and it shows the impact of storage alerts on critical business services. Along with HP Server Automation software, Storage Essentials helps visualize and report on servers and storage through a single pane of glass. It even includes storage compliance audits.
Business Service Management
Business Service Management is a CloudSystem extension that can help ensure the performance and availability of CloudSystem’s virtualized and cloud-based services. It helps pinpoint and repair system failures before they become business service problems, and it enables greater efficiency because the correct teams are dispatched to fix problems. Moreover, Business Service Management provides better prioritization of IT issues by making visible the links between technology and business services.
HP ArcSight software
ArcSight software is another complementary software component for HP CloudSystem. ArcSight adds cybersecurity and compliance solutions that protect organizations from enterprise threats and risks. The use of ArcSight with HP CloudSystem can help organizations safeguard physical and virtual digital assets, comply with corporate and regulatory policy, and control the internal and external risks associated with cybertheft, cyberfraud, cyberwarfare, and cyberespionage.
HP Fortify software
Fortify software is an excellent security enhancement for HP CloudSystem. Fortify is a suite of integrated applications for identifying, prioritizing, and fixing security vulnerabilities in software and managing the business of ensuring application security. By enabling enterprises to quickly identify and fix the security holes within their software applications, Fortify dramatically reduces the risk of catastrophic attacks on applications deployed as a cloud application on the Internet and further helps ensure compliance with government and regulatory mandates.
HP Networking
HP provides networking solutions that improve service levels, ensure business continuity, enable service agility, and reduce capital and operating costs. HP networking solutions are built from the ground up to meet the demanding needs of today’s highly virtualized, large-scale application and cloud environments.
Mission-Critical Computing
One particularly valuable extension for HP CloudSystem is HP Mission-Critical Computing. With the Mission-Critical Computing extension, HP CloudSystem Matrix optimizes IT capacity while ensuring predictable delivery and service levels for organizations. The HP-UX capabilities for Mission-Critical Computing are integrated into the Matrix level as well as the Cloud Service Automation level.
Third-party virtualization support
HP CloudSystem is scalable and expandable with third-party resources, including third-party servers, third-party storage, third-party networking, third-party operating systems, and heterogeneous virtualization platforms. CloudSystem supports leading hypervisors, including VMware vSphere and Microsoft Hyper-V.
• VMware: CloudSystem fully supports a customer’s existing investment in vSphere and vCenter Server. It also supports interoperability with many vCenter tools.
• Microsoft Hyper-V: CloudSystem supports Hyper-V virtualization, SCVMM, and Microsoft applications. It also supports interoperability with many Microsoft System Center tools.
In addition, CloudSystem can burst to public clouds from providers.
8. Summing up
HP CloudSystem is a complete, integrated, open system to build and manage services across private, public, and hybrid cloud environments. It combines the strength of HP Converged Infrastructure with the established leadership of HP Cloud Service Automation software, yielding a solution that delivers unified security, governance, and compliance across applications as well as physical and virtual infrastructure.
9. Resources
• For more about HP CloudSystem, see: www.hp.com/go/cloudsystem
• To learn the details of Matrix Operating Environment, visit: www.hp.com/go/matrix
• To learn about Cloud Service Automation, go to: www.hp.com/go/CSA
• For the latest up-to-date information about Cloud Maps, visit: www.hp.com/go/cloudmaps
• To learn more about HP CloudStart, go to: www.hp.com/services/cloudstart
Appendix: HP CloudSystem details at a glance
This section shows details of the three CloudSystem offerings, showing the core components and extensions available.
CloudSystem infrastructure components
Columns: Component; Description; Value and benefit; CloudSystem configuration (Matrix, Enterprise). Legend: Included, Extension.
HP Matrix OE
• Description: Operating environment, management for Matrix
• Value and benefit: Maximizes resource utilization; provisions infrastructure in minutes rather than months
HP BladeSystem
• Description: Modular blade and Virtual Connect architecture
• Value and benefit: Modular, efficient blade architecture with flexibility to connect servers to any network
HP 3PAR Utility Storage: F-class and T-class
• Description: Next-generation thin-provisioned storage, optimized for hybrid cloud
• Value and benefit: Reduces acquisition costs by up to 50%, reduces operating costs by up to 90%, improves security via full multi-tenancy
HP EVA, XP, P4000 storage
• Description: Diverse portfolio of traditional architecture storage arrays
• Value and benefit: Bridge to traditional storage technology; preserves existing investment
TippingPoint IPS; vController and vFW
• Description: Security solutions for physical and virtual cloud domains
• Value and benefit: Seamless security for entire data center attack surface, including hypervisor
Networking (A12500, A9500, A5800)
• Description: High-performance, flexible core-to-edge networking fabric
• Value and benefit: Up to twice the performance at half the power consumption
Mission-critical HP-UX*
• Description: Matrix with HP-UX for most demanding mission-critical workloads
• Value and benefit: Uncompromising resiliency; instant agility; consistency with existing mission-critical deployments
* With CloudSystem Matrix, all of the functionality is supported for HP-UX, although some functions may be performed through a different interface.
CloudSystem software components
Columns: Component; Description; Value and benefit; CloudSystem configuration (Matrix, Enterprise). Legend: Included, Extension.
Cloud Maps
• Description: Predefined templates, workflows, and white papers for enabling infrastructure, popular applications, databases, and middleware
• Value and benefit: Fast track the development of a cloud service catalog and accelerate application deployment
SiteScope
• Description: Agentless infrastructure and application performance monitoring, alerting, and reporting
• Value and benefit: Improves private cloud service performance and availability; decreases time to repair and IT admin overhead; pre-integrated with Matrix OE
Server Automation (Starter edition)
• Description: Policy-based provisioning, configuration, patching, and compliance management of servers, OS, and application infrastructure; 1000 VM per OS limit
• Value and benefit: Decreases system admin overhead while increasing accuracy and compliance to configuration standards; pre-integrated with Matrix OE for rapid CloudSystem Matrix IaaS deployment
Server Automation (Enterprise edition)
• Description: SA Starter Edition plus: Application Deployment Manager, MultiMaster Mesh, Satellite, and unlimited VM/OS scale
• Value and benefit: Pre-integrated to CSA 2.0, enables composite application lifecycle management and DMA extensions; synchronizes multi-site for scale and disaster recovery
Cloud Service Automation 2.0
• Description: Full lifecycle management and automation for building and managing hybrid cloud environments. In addition to SiteScope and Server Automation Enterprise Ed., includes:
– CSA Foundation Server (self-service portal, cloud controller, resource management, UCMDB)
– Operations Orchestration
• Value and benefit: Comprehensive cloud service delivery and management across public, private, and traditional IT environments with one-touch provisioning and monitoring for large-scale, heterogeneous environments
– Rich enterprise portal for Line of Business
– Intelligent, multi-resource pool management and orchestration
– Service model enables seamless integration to BSM/ITSM
– IT process automation and run book automation
Database and Middleware Automation
• Description: Best-practice automation for database and middleware
• Value and benefit: Pre-packaged and supported content improves efficiency, speed, and accuracy of database lifecycle management
Business Service Management
• Description: Performance and availability management solutions for virtualized and cloud-based services
• Value and benefit: Improves service quality and monitors total customer experience by integrating infrastructure, application, and end-user performance and availability management
Storage Essentials
• Description: Deep performance and availability management of HP disk arrays and multivendor SANs
• Value and benefit: Increases storage resource efficiency, service performance, and availability through automated discovery, mapping, monitoring, and capacity management of virtual and physical storage environments
Network Automation
• Description: Lifecycle management for globally distributed heterogeneous networks
• Value and benefit: Change, configuration, and compliance management for multivendor physical and virtual networks
Aggregation Platform for SaaS
• Description: Single point of access that integrates and aggregates multiple SaaS and hosted services offerings
• Value and benefit: Enables service providers to accelerate revenue growth by providing SMBs with “one-stop-shop” experience for multiple SaaS and hosted service offerings from unified portal access
© Copyright 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.