Network consolidation and virtualization solve management problems

Consolidation and virtualization are a natural fit, but not just for servers. Network consolidation can also benefit your virtual infrastructure, as long as you focus on security.

Network consolidation can help a virtual infrastructure run more efficiently and cost-effectively. With consolidation, administrators can have fewer network peripherals and ports to purchase and manage -- while boosting network and server performance. But network consolidation comes with potential downsides, such as security concerns.

The first of this two-part series on network design principles for virtualization focused on server virtualization hardware and storage protocols. Now, in part two, I discuss the pros and cons of network consolidation and virtualization.

Converged network adapters bring network consolidation

More network consolidation and virtualization resources
Benefits of server consolidation for energy efficiency

Green networking services guide

Server consolidation and virtualization project planning guide

 Converged network adapters (CNAs) are new to the virtualization landscape and provide I/O and network consolidation. A CNA stacks Ethernet and storage protocols into one adapter on the virtualization host, reducing the amount of equipment you need to purchase and manage.

One CNA, for example, can perform the duty of being an Ethernet interface (up to 10 GB) on which the iSCSI storage protocol and Fibre Channel over Ethernet (FCoE) connectivity can also be used. Architecturally, the CNA consolidates endpoint connectivity on a server and its associated switch infrastructure.

If a virtualization host uses a CNA for connecting to each Fibre Channel, Ethernet and iSCSI storage network, there would be one device installed either as a dual-port unit or two single-port units for redundancy. And there would be converged switches instead of separate storage switches for Fibre Channel and networking.

Network consolidation and virtualization product overview

Hewlett-Packard Co. and Cisco Systems Inc. have recently released products to help address I/O connectivity requirements for large virtualization installations. Cisco Systems Inc.'s Unified Computing System uses fabric interconnects and fabric extenders to the virtualization host to get around the centralized switching component requirement. Figure 1 shows the Cisco architecture:

Cisco Unified Computing System and its role in network consolidation and virtualization
Figure 1 (Click thumbnail for enlarged image.)

HP Flex Fabric consolidates Ethernet, Virtual Ethernet Port Aggregation, FCoE and Converged Enhanced Ethernet -- arguably a more attractive long-term offering, thanks to the popularity of HP ProLiant servers for virtualization hosts. When it comes to blade servers for virtualization hosts, role, HP VirtualConnect reduces connectivity requirements.

InfiniBand technologies are another option for network consolidation and virtualization. They use high-performing media to consolidate storage and networking and have been in the market longer than the above-mentioned products from Cisco and HP.

For VMware virtualization, administrators who want to minimize cabling to virtualization hosts or need to consolidate their switching infrastructure have several options. One key player is the Xsigo Systems Inc.'s I/O Director, which connects the VMware host via the InfiniBand interface and can provision numerous resources.

Xsigo I/O Director has 15 slots to provision up to 24 InfiniBand ports. Depending on the number of hosts and desired interfaces, it can consolidate I/O enough to reduce costs. For VMware installations, I/O Director also lets you manage the provisioning of VMware network interface controller (vmnic) and VMware host bus adapter (vmhba) resources from within the vSphere Client.

Network consolidation security concerns

For the virtualization purist, consolidating I/O through unified fabrics or CNAs is great, because it reduces device and cabling requirements and utilizes more of the provisioned infrastructure. This bang for the buck is nice, but when one media is responsible for transporting all the critical protocols, security issues come into play.

On several occasions, guests have discussed these concerns during the "Virtualization Security Round Table Podcast." These podcasts dissect what virtualized I/O really means from a security perspective. Fully separating security and management zones in both networking and storage is critical.

Despite these security concerns, the good news is that as you design a virtualized infrastructure, there are plenty of options. Generally speaking, you should consider these factors when selecting networking equipment for your virtualization environment:

  • Security requirements
  • Cost
  • Number of I/O points
  • Performance requirements
  • Manageability

Server manufacturers have done a favor for most virtualization administrators by installing four built-in interfaces. In many situations, these interfaces provide adequate networking for virtualization hosts.

About the author

 

Rick Vanover, VCP, MCITP, MCTS, MCSA, is an IT infrastructure manager for Alliance Data in Columbus, Ohio. He is an IT veteran specializing in virtualization, server hardware, operating system support and technology management. Email him at vanover-rick@usa.net.


This was first published in February 2010

Dig deeper on Network virtualization

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVMware

SearchWindowsServer

SearchCloudComputing

SearchVirtualDesktop

SearchDataCenter

Close