HP Virtual Application Network Business white paper

OrchestrateVirtual application networks accelerate the move to the cloud

3 Data center networks are at the breaking point 4 Starting with architectural simplification 4 Virtualizing the FlexNetwork architecture 5 Provisioning delays in the cloud data center 5 Virtual Application Networks 5 Rapid cloud application deployment and data center network provisioning 6 What is Edge Virtual Bridging? 6 Provisioning—a simple and automated model 7 Extend your reach with open APIs 8 Move ahead to the cloud

Table of Contents

3

The cloud is a desirable destination where applications and information are readily available and can be consumed quickly, efficiently, and anywhere. But the path to the cloud can be filled with unseen challenges, including the network itself.

The legacy networks used today limit business and the ability to freely move applications to the cloud. The proprietary nature of these legacy networks lock in customers and prevent them from choosing the best solution to fit their business.

Legacy networks are application indifferent, with rigid, multi-tier architectures which limit the deployment of cloud applications and impede the traffic flows across the network from the data center to the user in the campus or branch. In addition, legacy networks require dozens of disaggregated manual management applications to configure, deploy, and monitor physical and virtual networks, causing swivel-chair management and resulting in an incomplete view of the network.

Data center networks are at the breaking pointSuccessful cloud data centers require a network to enable rapid deployment of applications, meet the traffic demands of large-scale virtual workload mobility and federated applications, and deliver secure multi-tenancy.

There’s no time to delay. More than two-thirds of all server workloads will be running in virtual machines (VMs) by 2014.1 More than 80 percent of data center traffic will be between servers by 2014.2 But today’s data center networks are too inflexible to deliver rapid deployment of virtualized workloads and adapt to the needs of large-scale workload mobility. Legacy

network processes and tools use device-by-device manual configuration and provisioning which are error-prone, time-consuming, reactive, and isolated from IT-wide orchestration.

These manual network processes can take up to several weeks, delaying the deployment of new applications and putting reliability at risk because most network outages are the result of human error—changes made to the network that are incorrect, mis-timed, or fail to follow the appropriate workflow procedures.3 In addition, IT operating models are bureaucratic and compartmentalized. The current complexity of IT is holding back cloud applications.

A typical data center with 500 servers, including approximately 20 virtual machines per server, requires manual provisioning of more than 50,000 networking attributes on a port-by-port basis. Those 50,000 network attributes may require over 250,000 command-line entries on dozens of network switches. These manual command-line entries cause both time delays and reduces reliability. Even if only one error is made for every 1,000 entries, 250 errors will be made. The challenge in ensuring reliability of the cloud of virtual data center is being able to find the error in order to remedy it.

To accelerate the move to the cloud, the network must offer tools and processes that predictably automate previously manual processes, streamlining orchestration of both physical and virtual resources to give businesses speed and reliability. The tools and process must allow for network provisioning to account for the application requirements to provide users with the anticipated service levels and experience. At the same time, the data center network must be simpler and flatter to speed performance of federated workflows and VM mobility.

1 Gartner G00207476: Emerging Technology AnalysisGartner G00175764: Key Issues for Communications Strategies, 2010

2 Gartner, Inc. “Your Data Center Network Is Heading for Traffic Chaos,” Bjarne Munch, April 27, 2011.

3 Forrester – Feb. 2007 “Who Has Changed My Network” by Evelyn Hubbert with Robert Whiteley and Rachel Batiancila

FlexManagement

FlexNetwork Architecture

FlexCampusFlexFabric FlexBranch

Open Scalable Secure Agile Consistent

Figure 1. The FlexNetwork Architecture delivers simplicity as the industry’s only architecture that unifies the data center, campus, and branch

4

Starting with architectural simplificationHP is changing the rules of networking with HP FlexNetwork architecture, a component of HP’s proven Converged Infrastructure. The HP FlexNetwork architecture (see Figure 1) is the industry’s only converged architecture from the data center—where applications and services are generated, to the campus and branch—where users consume them. The FlexNetwork architecture allows networks to be open, scalable, secure, agile, and consistent.

FlexManagement delivers a single-pane-of-glass for managing the FlexNetwork architecture and its core platform is the Intelligent Management Center (IMC). IMC is a service-oriented architecture (SOA) platform with modules that deliver full Fault, Configuration, Accounting, Performance, and Security (FCAPS) management. As a service-oriented architecture, the modules share information and combine to deliver powerful management solutions.

IMC allows IT to shift from swivel-chair management to centralized control and orchestration of the network.

Virtualizing the FlexNetwork architectureWith a consistent architecture for the data center, campus and branch, and single-pane-of-glass management for the FlexNetwork architecture, HP is in a position to virtualize the network from the data center to the campus and branch. This sounds like a tall order, but one that is already familiar.

Intelligent Resilient Framework (IRF), a unique networking innovation offered by HP, is a switch virtualization technology. In IRF, the control plane and data plane are separated. This framework groups the switches together under a single IP address, which allows them to be managed as a single switch.

Virtualizing the entire network by providing a single control plane across the end-to-end network, from the data center to the campus and branch, is achieved by applying principles similar to that of IRF to all networking devices. The abstraction layer created through a single control plane across the entire network enables IT to orchestrate the network using policies instead of managing device-by-device as conducted on legacy networks. Having a control plane across the network is akin to a hypervisor controlling server resources in virtualization (see Figure 3).

Through virtualization of the entire network, from the application to the user, IT can use orchestration tools to characterize the delivery requirements of an application and provision a virtual network that meets the service levels and experience expected by the user.

HP is leading the industry in OpenFlow, an open standard based technology, a protocol that allows a standards-based programmable interface. By leveraging OpenFlow, HP can provide standards-based mechanism to extend the control plane abstraction concept beyond HP Networking devices.

Figure 2. Virtual Application Networks

Reference the full view of the HP Networking Portfolio Guide

NETWORKNETWORK

CHARACTERIZE

VIRTUALIZE

ORCHESTRATE

Virtual Application Networks characterize, virtualize, and orchestrate networks to deliver applications and contentto campus, branch, and mobile users.

Virtualize the network infrastructure end to end for on-demand topology and device-independent provisioning.

IMC Virtual Application Network Manager Module enables network administrators to preconfigure connection profile templates, accelerating the deployment of cloud applications; it’s part of IMC, HP’s single-pane-of-glass management for physical and virtual networks.

Characterize and template applications for consistency, reliability, and repeatability.

Orchestrate the network to rapidly and dynamically connect users to applications.

Figure 3. Virtual Application Networks

FlexManagement

FlexNetwork Architecture

FlexCampus

Hypervisor

Server CPUs

Control Plane

FlexFabric FlexBranch

Open Scalable Secure Agile Consistent

5

Provisioning delays in the cloud data centerCloud data center administrators need an agile, error-free, and dynamic solution for provisioning network connections for virtualized workloads.

Today, provisioning server access switches is a series of back-and-forth, iterative steps between the system administrator and the network administrator. The network administrator manually configures the network connections, which is complex and time consuming given the number of required CLI commands as we have seen with the example of provisioning a data center. If errors are introduced through manual provisioning, application rollouts are delayed even further.

While system administrators may use vSwitches to speed provisioning, they create other operational complexities. vSwitches add another networking layer which increases data center network latency, slowing performance of virtual machine mobility and federated applications. vSwitches typically require an additional management tool for the system domain. Finally, vSwitches limit visibility for the network administrator and reduce the security over the traffic passing between workloads on VMs.

The desired pace of cloud application deployment on a VM is five minutes—a pace server virtualization has brought to server administrators. This pace is desirable when application workloads must be migrated to other servers. Today, network administrators must perform additional device-level provisioning, adding further delay and disruption.

Virtual Application NetworksA Virtual Application Networks (see Figure 2) is a new cloud functionality that speeds application deployment, simplifies management, and supports network service level agreements (SLAs) across the HP FlexNetwork architecture. Virtual Applications Networks connect users to an application by designing and implementing them to meet the requirements of application classes such as voice, real-time transaction processing, or video over a secure, shared infrastructure built with the FlexNetwork architecture. Virtual Application Networks support multitenancy in which each Virtual Application Network is dedicated to a business unit or company.

With Virtual Application Networks, you can separate network provisioning from device management with connection profile templates and leverage proven network virtualization technologies to simplify management and reduce the time to deploy cloud applications.

Rapid cloud application deployment and data center network provisioningData center administrators need a more agile, error-free, and dynamic solution for provisioning network connections for virtualized workloads.

FlexFabric is the data center solution module of the FlexNetwork architecture, and it is HP’s vision for a next-generation, highly scalable data center network. The FlexFabric solution is a high-performance, low-latency interconnect which converges and secures the data center network, compute, and storage with single-pane-of-glass management for physical and virtual elements, reducing complexity and cost.

VAN Manager is a module that runs on the IMC which provides single-pane-of-glass management. The VAN Manager module includes three components: the designer, the policy engine, and the VMware plug-in.

The VAN Designer (see Figure 4) provides a flexible, intuitive, graphical interface for network administrators to quickly and efficiently design network connectivity for cloud applications. Administrators can design connection profiles called Virtual Service Interfaces (VSIs) for different physical and virtual application workloads.

VSI connection profiles can be designed for specific application delivery requirements. Some of the attributes in a connection profile include committed information rate, peak information rate, prioritization, priority policy (IP Precedence, DiffServ, etc.), and access policy. These attributes allow the Virtual Application Network to be characterized by the delivery requirements of the application or class of applications.

With the VAN Designer, the network administrator and server administrator can design a set of connection profiles that can be used repeatedly for the rapid and consistent deployment of cloud application workloads. For a business migrating hundreds of existing applications to a private cloud, only a dozen connection profiles may be needed once the applications with similar delivery requirements are organized into classes.

The VAN Policy Engine stores the connection profiles and fulfills connection requests from both physical and virtual servers.

The VAN VMware plug-in allows the connection profiles to be visible in VMware vCenter. When a new cloud application workload needs to be deployed, the server administrator can simply select the appropriate connection profile—defined as a VSI type in IMC—characterized for the application delivery requirements. When the administrator selects the “power on” button, the Policy Engine in the VAN Manager will automatically configure the data center access switch, eliminating the manual configuration previously required. Within five minutes, the new cloud application workload can be connected to the network and be available to users. HP plans to offer other plug-ins that integrate into other hypervisor environments such as Microsoft Hyper-V, Citrix Xen, and KVM for Linux. As with support of other hypervisor environments, Virtual Application Networks supports HP and third-party switches that support Edge Virtual Bridging (EVB) and non-EVB implementations.

6

What is Edge Virtual Bridging?The lack of management visibility into traffic at the server-network edge is challenging within a virtualized environment. Traffic between virtual machines installed on a server is not visible to the network and therefore not managed and is susceptible to security threats. Edge Virtual Bridging (EVB) with Virtual Ethernet Port Aggregator (VEPA) technology is one way to overcome the lack of visibility of traffic between VMs. EVB is an IEEE 802.1Qbg standard that enables network management and service provisioning as close to the edge as possible. EVB combines the best of software and hardware switches and does not force changes into installed environments. HP supports EVB with VEPA, as well as non-EVB technologies. Using VEPA technology shifts the network processing activities close to the server-network edge, just inside of the network fabric. This lets the access switches manage the virtual network traffic, resulting in greater traffic visibility and better performance. EVB technologies will play a key part in the evolution of VAN for FlexFabric, enabling more scalable and secure solutions and hypervisor environments including Citrix Xen and KVM for Linux.

New cloud workloads can be instantly connected to the network by subscribing to the appropriate connection profile. When a workload moves, the connection profile moves with it, verifying the network connection is always characterized to the delivery requirements of the application. If the service level of the Virtual Application Network is not being met, the connection policy can be modified appropriately and IMC will automatically provision the network according to the changes.

IMC includes vSwitch Manager, which is used to set and monitor vSwitch features in the VM manager. IMC provides visibility of the physical and virtual networks and monitors VM connectivity which is accomplished through the vSwitch component within IMC. The connectivity and status of VMs that are deployed through VAN Manager will be visible in IMC.

Virtual Application Networks specific Web services-based extended APIs (eAPIs) enable external access to its functions from cloud and network orchestration frameworks.4

VAN Manager provides network administrators with an entirely new level of agility and flexibility by allowing them to proactively design and provision the network. Network administrators

can work collaboratively with system administrators to deliver networking connectivity more quickly yet still retain consistent control and security over the network. Together, they can provision server access in minutes, rather than weeks.

Provisioning—a simple and automated modelCompared to the old process of provisioning servers, the process with HP Virtual Application Networks is streamlined and straightforward (see Figure 5). Through Virtual Application Networks, provisioning the network through automation eliminates CLI configuration. IMC has in-depth intelligence of the network and, beyond provisioning the network with Virtual Application Networks, it can automate the creation of VLANs and simplify switch management and configuration with IRF.

Virtual Application Networks establishes a new model to allow data center managers to expand their use of virtualization by giving them a proactive and flexible approach to consistently provision and secure network connectivity. Virtual Application Networks can quickly and efficiently deliver support to the large scale virtualization that’s required for cloud services. VMs on the server edge can also be thoroughly monitored and audited.

With virtualization scale outs and/or the need for virtual machine migration across physical servers or data centers, orchestration is critical to providing continuous service to users. Virtual Application Networks assists orchestration by enabling the connection for a VM to be automatically migrated if the VM is moved by the system administrator. Provisioned connections stay bound to the VM.

4 These eAPIs are included in the IMC Enterprise Platform and are a licensable upgrade in IMC Standard Platform

Delivering Virtual Application Networks Today

• Characterize app using template

• Program virtual network resources

• Orchestrate network resources

Hypervisormanagement

Intelligent Management Center

VANPlug-In

VANPolicyEngine

VANAPI

HPN accessswitch

HPN CoreSwitch

HPN CoreRouter

VM

VM

VM

vSwitchManager

Server

NIC

vSw

itch/

HP

open

vSw

itch VAN Manager components

IMC enterprise/Standard components

VAN accessswitch SW

VANDesigner

Figure 4. Virtual Application Networks—management across physical and virtual networks

7

Extend your reach with open APIsVirtual Application Networks is built to enable flexible integration of server and networking operations together to let those teams more quickly deliver connected server resources. In the context of advanced cloud provisioning environments, Virtual Application Networks also delivers a robust set of APIs for enterprises to integrate Virtual Application Networks operations into E2E orchestration solutions (see Figure 6). In these models, the discrete Virtual Application Networks functions and process steps can be integrated seamlessly into server, storage, and networking DevOps models to deliver complete IT services quickly and efficiently.

HP has extended the reach of Virtual Application Networks by publishing the Virtual Application Networks-specific IMC eAPIs to allow enterprises and third-parties to develop customized management solutions. Like IMC itself, eAPIs are built on a service-oriented application platform, making it open and extensible.

eAPIs allow developers to tap into the rich information and functionality of IMC, whether they are developing a new application or integrating an in-house management tool with IMC.

DevOps/Cloud Manager

Network AdminIMC VAN API

VAN Designer

IMC device adapter layer

Network Infrastructure

Cloud Provisioning Logic(Matrix/CIC/CSA/Openstack etc)

Other Resource Managers/Zone Managers

CI controllers/cloud provisioning appsusing VAN API for network services

Network admin configures Virtual Application Networkwith the Designer

PowerCooling, Facilities

StorageTargets,Volumes

OS images,App

Deployment

Servers, ServerProfiles,

Enclosures

Hypervisors, VM

VM Templates

CoreRouting

IDS/IPS

ADC VPN

Edge

Con

nect

Fabric DC Core WANMPLS/VPLS

Fire

wal

l

Figure 6. Virtual Application Networks provides flexibility to integrate server and network operations and align with Cloud Provisioning/orchestration frameworks leveraging Virtual Application Network APIs

Rapid Application Deployment with Virtual Application Networks

System admin Network admin

Characterizethe application

1

IMC VAN ManagerDefine attributes

Virtualize the network 2

VM managerIMC

VMwareplug-in

Chooseconnectionprofile

Orchestratethe network

3

IMC VAN Manager

VM

Figure 5. Virtual Application Networks simplifies and automates the labor-intensive process of provisioning network access to virtual servers.

Move ahead to the cloudThe first instantiation of Virtual Application Networks will begin in the data center networks by characterizing the applications, virtualizing the network control plane, and automating the orchestration of the data center. HP plans to extend these principles to encompass the entire FlexNetwork architecture through the expansion of Virtual Application Networks to tune the application delivery requirements in the data center and ultimately improve the user experience for these applications in the campus and branch networks.

Virtual Application Networks provides a fundamentally better operating model for IT, allowing for the greater agility long demanded by the business, as well as tailored delivery of network connectivity, scalability, and security is are necessary with cloud services. With Virtual Application Networks, IT can deliver applications quickly to support changing business requirements while automating and orchestrating management to lower cost. With HP FlexNetwork solutions, IT can truly do more with less.

To learn more about HP products, contact your HP sales representative. For more information on HP Networking visit hp.com/go/networking

Learn more about extensible and open single-pane-of-glass management in the HP Intelligent Management Center (Enterprise Platform) Extended APIs (eAPIs) Brochure

Learn more about Cloud Network Maps for the data center

Learn more about virtualized networks enabled by OpenFlow

Get connected hp.com/go/getconnected

Get the insider view on tech trends, alerts, and HP solutions for better business outcomes

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Microsoft is a U.S. registered trademark of Microsoft Corporation.

4AA4-0790ENW, Created April 2012

Share with colleagues