Network consolidation can help a virtual infrastructure run more efficiently and cost-effectively. With consolidation, administrators can have fewer network peripherals and ports to purchase and manage -- while boosting network and server performance. But network consolidation comes with potential downsides, such as security concerns.
The first of this two-part series on network design principles for virtualization focused on server virtualization hardware and storage protocols. Now, in part two, I discuss the pros and cons of network consolidation and virtualization.
Converged network adapters bring network consolidation
Converged network adapters (CNAs) are new to the virtualization landscape and provide I/O and network consolidation. A CNA stacks Ethernet and storage protocols into one adapter on the virtualization host, reducing the amount of equipment you need to purchase and manage.
One CNA, for example, can serve as an Ethernet interface (up to 10 GB) that also carries the iSCSI storage protocol and Fibre Channel over Ethernet (FCoE) connectivity. Architecturally, the CNA consolidates endpoint connectivity on a server and its associated switch infrastructure.
If a virtualization host uses a CNA to connect to each of its Fibre Channel, Ethernet and iSCSI storage networks, one device would be installed, either as a dual-port unit or as two single-port units for redundancy. And there would be converged switches instead of separate storage switches for Fibre Channel and networking.
Network consolidation and virtualization product overview
Hewlett-Packard Co. and Cisco Systems Inc. have recently released products to help address I/O connectivity requirements for large virtualization installations. Cisco Systems Inc.'s Unified Computing System uses fabric interconnects and fabric extenders to the virtualization host to get around the centralized switching component requirement. Figure 1 shows the Cisco architecture:
HP Flex Fabric consolidates Ethernet, Virtual Ethernet Port Aggregation, FCoE and Converged Enhanced Ethernet -- arguably a more attractive long-term offering, thanks to the popularity of HP ProLiant servers for virtualization hosts. When it comes to blade servers in the virtualization host role, HP VirtualConnect reduces connectivity requirements.
InfiniBand technologies are another option for network consolidation and virtualization. They use high-performing media to consolidate storage and networking and have been in the market longer than the above-mentioned products from Cisco and HP.
For VMware virtualization, administrators who want to minimize cabling to virtualization hosts or need to consolidate their switching infrastructure have several options. One key player is Xsigo Systems Inc.'s I/O Director, which connects the VMware host via the InfiniBand interface and can provision numerous resources.
Xsigo I/O Director has 15 slots to provision up to 24 InfiniBand ports. Depending on the number of hosts and desired interfaces, it can consolidate I/O enough to reduce costs. For VMware installations, I/O Director also lets you manage the provisioning of VMware network interface controller (vmnic) and VMware host bus adapter (vmhba) resources from within the vSphere Client.
Network consolidation security concerns
For the virtualization purist, consolidating I/O through unified fabrics or CNAs is great, because it reduces device and cabling requirements and utilizes more of the provisioned infrastructure. This bang for the buck is nice, but when one medium is responsible for transporting all the critical protocols, security issues come into play.
On several occasions, guests have discussed these concerns during the "Virtualization Security Round Table Podcast." These podcasts dissect what virtualized I/O really means from a security perspective. Fully separating security and management zones in both networking and storage is critical.
Despite these security concerns, the good news is that as you design a virtualized infrastructure, there are plenty of options. Generally speaking, you should consider these factors when selecting networking equipment for your virtualization environment:
- Security requirements
- Number of I/O points
- Performance requirements
Server manufacturers have done a favor for most virtualization administrators by installing four built-in interfaces. In many situations, these interfaces provide adequate networking for virtualization hosts.
About the author
Rick Vanover, VCP, MCITP, MCTS, MCSA, is an IT infrastructure manager for Alliance Data in Columbus, Ohio. He is an IT veteran specializing in virtualization, server hardware, operating system support and technology management. Email him at firstname.lastname@example.org.