Production enterprises can clearly see that, as production scale and business grow rapidly, investment in and use of IT infrastructure keeps increasing, while the efficiency of hardware that has not been effectively consolidated keeps falling, which wastes IT resources to a great extent. How to reduce costs and improve efficiency has therefore become a question that many production enterprises ponder. Chongqing Zheng Rui Technology Co., Ltd., a VMware partner and a virtualization vendor with many years of mature solutions, shares here how a VMware virtualization solution can be deployed in a production enterprise so as to reduce costs and improve efficiency.
I. Analysis of the business involved in each segment
The purpose of the business analysis is to find practical and effective solutions based on an analysis of each business segment. Business analysis requires IT and business staff to work together: they must understand the enterprise's strategic and business planning, take the business perspective, and collect and analyze requirements in the language of the business, to ensure that the implemented solution actually brings business benefits. This requires IT staff to understand the business environment, business operation processes and industry trends, while also understanding the needs for business scalability, data security and business continuity protection, and to consider comprehensively the construction and operational requirements of each business system. For example, the enterprise mobile office application platform, as part of the information base platform, gives company employees the ability to access internal systems from mobile terminals for business processing. Its overall architecture can be divided into a secure access authentication gateway, a presentation tier, an application tier and a data tier, and it needs to be compatible with iOS, Android and other terminal environments.
II. Virtualization design for the entire environment
When a production enterprise implements virtualization technology, one server can be divided into several virtual machines, each running its own operating system independently, thus avoiding the "one server, one application" island mode. Statistics show that computer resource utilization is less than 25% in island mode. With virtualization technology, organizations can build a completely different infrastructure and manage servers more effectively. Running different operating systems and application software on the same server allows the enterprise to balance the server workload. If one virtual system has a problem, another can take over immediately and continue the same task.
The design of a virtualized application system usually needs detailed design in four areas: network, system, database and security.
On the network side, the mobile office application platform selected 6 servers, each equipped with 4 network cards. This allows us to use distributed virtual switches: all of the ESXi servers' network cards are connected to the distributed virtual switch, so that they can be managed globally, with separate virtual machine, storage and management networks, and it also lays the foundation for setting up the cluster, DRS and high availability later.
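One way to realise this network layout with VMware PowerCLI, as an added example rather than code from the article or from Chongqing Zheng Rui: one distributed switch with four uplinks per host, three port groups on separate VLANs for management, storage and virtual machine traffic, every host's four NICs attached as uplinks, and HA/DRS enabled on the cluster so the later cluster tests have something to run against. The vCenter address, datacenter, cluster and port group names and the VLAN IDs are assumptions.

```powershell
# Added example, not from the article: distributed switch layout for the six
# ESXi hosts with four NICs each. All names and VLAN IDs below are assumptions.
Connect-VIServer -Server 'vcenter.example.internal'   # assumed vCenter address

$dc      = Get-Datacenter -Name 'Production'           # assumed datacenter
$cluster = Get-Cluster -Name 'MobileOffice'            # assumed cluster holding the 6 hosts

# One distributed switch; NumUplinkPorts matches the four physical NICs per host.
$vds = New-VDSwitch -Name 'vds-mobileoffice' -Location $dc -NumUplinkPorts 4 -Mtu 1500

# Separate port groups and VLANs so management, storage and VM traffic never
# share a broadcast domain (the isolation the security design relies on).
$portGroups = @{
    'dvpg-management' = 10    # assumed VLAN IDs
    'dvpg-storage'    = 20
    'dvpg-vm-mobile'  = 30
}
foreach ($name in $portGroups.Keys) {
    New-VDPortgroup -VDSwitch $vds -Name $name -VlanId $portGroups[$name] -NumPorts 32 | Out-Null
}

# Attach every host in the cluster and hand all four of its NICs to the switch
# as uplinks, so each host is managed through the same global configuration.
foreach ($esx in Get-VMHost -Location $cluster) {
    Add-VDSwitchVMHost -VDSwitch $vds -VMHost $esx
    $nics = Get-VMHostNetworkAdapter -VMHost $esx -Physical |
        Where-Object { 'vmnic0','vmnic1','vmnic2','vmnic3' -contains $_.Name }
    Add-VDSwitchPhysicalNetworkAdapter -DistributedSwitch $vds -VMHostPhysicalNic $nics -Confirm:$false
}

# Foundation for the cluster features tested later: HA with admission control
# (reserve capacity for one host failure) and fully automated DRS.
Set-Cluster -Cluster $cluster -HAEnabled $true -HAAdmissionControlEnabled $true -HAFailoverLevel 1 `
    -DrsEnabled $true -DrsAutomationLevel FullyAutomated -Confirm:$false | Out-Null

# Verification: every host should report exactly four uplinks on the switch.
foreach ($esx in Get-VMHost -DistributedSwitch $vds) {
    $uplinks = (Get-VMHostNetworkAdapter -VMHost $esx -DistributedSwitch $vds -Physical).Count
    '{0}: {1} uplinks' -f $esx.Name, $uplinks
}
```

The script only creates the switch and port groups; the VMkernel adapters for management and storage traffic still have to be created on the corresponding port groups (New-VMHostNetworkAdapter) and the hosts' existing management interface migrated off the standard vSwitch, which is best done one host at a time so that a mistake never takes all six hosts out of management at once.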
On the system side, Linux grew out of Internet development and suits cloud services; the greatest benefits of deploying Linux at the server level are low cost and high performance, while open source helps enterprises escape dependence on a single vendor. At the enterprise server level, choosing Red Hat or SuSE is the safer approach: on the one hand functionality and stability are guaranteed, on the other hand technical support is available, which saves a lot of trouble in later operations. Of course, whether an enterprise deploys Linux must be decided according to its actual situation and needs; there is no best, only the most appropriate. For mobile office systems, Red Hat or SuSE is recommended.
From the database perspective, faced with a wide variety of database products, evaluating and selecting correctly matters as much as the database technology itself. In general, database vendors show the best side of their product in performance lists and technical data sheets while avoiding or concealing its weaknesses, and the industry knows this well. In fact, the primary goal of selection and evaluation is to choose a technology or solution that meets or exceeds the predetermined requirements. Second, a real comparison test in a real environment allows the expected performance of the database to be inferred and the cost to be estimated. Common methods include a migration test, transferring the original data to another database on the same or similar hardware and then connecting the real clients to the test target, or using a data generator on the real data model to build a large data set and then connecting clients for testing. For example, for the mobile office system, database A is cheaper and its implementation cost is relatively low, but to reach the expected service level its hardware and maintenance costs are much higher. Conversely, database B is more expensive and its implementation risk is higher, so the cost of purchasing and implementing it is much higher, but because of its higher technical level the relative hardware and maintenance costs are much lower, so the total cost of ownership is lower. As a result, the plan based on database B is more favourable in the long run.
From a security point of view, virtualization means an operating system running on hardware it does not own, and its unique security threat is that virtual machine images can be stolen or tampered with, both at rest and while running. The corresponding solution is to keep the virtual machine image encrypted at all times, but this can lead to performance issues; in environments with high security or regulatory requirements, the performance cost of encryption is worthwhile. Another problem is that data of different classification levels (or the virtual machines that store them) may be interleaved on the same physical machine; in PCI terms (here PCI-DSS, the Payment Card Industry Data Security Standard) we call this a hybrid implementation pattern. The solution is to use a combination of virtual LANs, firewalls and intrusion detection/intrusion prevention systems (IDS/IPS) to ensure virtual machine isolation and support the hybrid implementation pattern. Data classification and policy-based management, such as DLP (data leakage protection), can also be used to prevent data from mixing. In a cloud computing environment, the security level of the least secure tenant may become the effective security level of all tenants in a multitenant virtual environment. In this example, the 6 virtual machines hosting the mobile office system are secured by virtual machine isolation and policy protection.
III. Project implementation phase
Before implementing the solution, it needs to be evaluated and tested:
1. Installing VMware ESXi 5.0
We simply follow the installation wizard step by step, and the system installation completes in about 30 minutes. Resources can then be allocated on it to install virtual machines with various operating systems.
2. Installing VMware vCenter 5.0
The software installation is simple, using the default options. The license serial number required during installation can be applied for free of charge from VMware's official website.
3. Installing VMware vCenter Converter 5.0
To simplify system migration, we also installed VMware vCenter Converter 5.0 on the server.
The software installation is simple, using the default options throughout. It helps users simplify conversion between physical and virtual machines and between virtual machine formats, as well as importing image files generated by Microsoft Virtual PC and Vsan.
4. Installing VMware Data Recovery
VMware Data Recovery supports fast backup to disk and, more importantly, enables fast and complete recovery to prevent data loss in virtual environments.
5. Simple performance evaluation
Due to constraints, we were unable to perform a regular server performance stress test, and only ran a simple comparison test on a few of the server's main performance areas (CPU, memory, file system). The results show that the main performance indicators of the virtual machine system after migration exceeded those of the original physical system. Of course, we also noted that in the file system test the CPU occupancy of the virtual system was about 50%, which is 11% higher than the physical system's 39%. This shows that unless the problem of system I/O virtualization is solved, the virtual system cannot truly replace the physical system. But we believe that as the technology progresses, that day will soon come.
After 4 months of system selection, evaluation and testing, we confirmed that the solution was feasible, and after testing the vSphere HA cluster, DRS and FT advanced fault tolerance, the project moved to formal implementation. On average we migrated 2 old applications to the virtual system per week, then observed for 1 week; if no problems appeared, the system migration was judged successful. All system migrations and test validations were expected to be completed within 2 months.
IV. Cost and benefit analysis for the enterprise
By deploying and implementing virtualization of the mobile office system, we gained quite a lot.
1. Reduced server hardware procurement costs. The system had a total of 6 physical servers; after two of them reached the end of their service period, we actually purchased only 2 new servers, both Zheng Rui ZI22S5-14988HV servers, one as the virtualization application integration platform and the other as the database platform. This let the company buy 4 fewer servers, reducing hardware procurement costs. Even taking into account the purchase cost of the VMware virtualization software, the company made real savings.
2. Reduced system management costs. Retiring the original 6 servers saves a large sum every year in server management and software licensing costs.
3. Improved server availability for the business system. Before virtualization, a server hardware failure usually meant 1-2 days of downtime for hardware replacement. In a virtualized environment, if the server running the virtual system suffers a hardware failure, we only need to restore the backed-up virtual server configuration files and virtual hard disk image files to a new server and restore the most recent data backup, and the business system is back in normal use, usually within 4 hours. With the VMware vMotion feature, this can be reduced to minutes or even seconds!
Finally, it improves the performance of the old business systems and reduces the cost of system development and deployment. After full migration and actual testing, every business application migrated to the virtual system performed somewhat better than before migration, so progress in hardware technology has, to a certain extent, compensated for the performance loss that virtualization brings. The powerful snapshot management of VMware's enterprise virtualization products also significantly shortens our testing time before developing and deploying new application systems; previously, a mis-operation could mean hours or even a full day to rebuild the system.
V. Risk and security
Existing risks:
1. The biggest change in the server virtualization process is the change to the network architecture, and that change brings a special security problem. Once virtualization is in place, all virtual machines connect to one or several virtual switches to communicate with the external network, so the protection the original firewall provided can be lost: if one virtual machine has a problem, the security issue can spread over the network to the other virtual machines.
2. Server virtualization can overload the virtualization host itself or crash the server, because after virtualization each server supports several important resource-intensive applications competing for the same hardware server's bandwidth, memory, processor and storage resources. These critical applications may hit network bottlenecks and performance problems and may overload the server. A physical server crash after virtualization is a more serious security issue, because when the server crashes all of its applications are interrupted, which is far more damaging than a single server crash in a conventional environment taking down one application.
3. Hacker attacks, virtual machine overflow and virtual machine hopping, and theft of virtual machines all bring security risk to the virtual environment. Finally, virtual machine migration and communication between virtual machines greatly increase the chance of a server being subjected to penetration attacks.
Tip: choosing a high-quality solution for your business is critical.
Security policy responses:
1. Monitor the event logs and security events on the hosts and virtual machines and retain them properly for audit.
2. Principle of least privilege: authorize based on RBAC so that individual responsibility is clear, for example in VMware vCenter.
3. IT managers need to develop specific audit policies and processes for virtual machines, and audit, track and monitor them to prevent virtual machine vulnerabilities from spreading.
4. Application of monitoring tools: the aim is visibility into virtualization management activities. Monitor management operations that change a virtual machine's state, detect unauthorized attempts to copy or "clone" virtual machines, and monitor and limit virtualization "sprawl".
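As an added example (not the article's code, nor VMware's or Chongqing Zheng Rui's), the four policy items above expressed as PowerCLI, together with the port-group hardening that addresses risk 1 (the shared virtual switch) and the isolation requirement from the security design section: ESXi host logs forwarded to a central syslog collector, a least-privilege vCenter role scoped to one VM folder, an audit query over recent clone/deploy/registration events and failed logins, a per-host VM count to watch sprawl, and promiscuous mode, MAC changes and forged transmits disabled on VM port groups. The vCenter address, syslog host, role, folder, group and port group names are assumptions.

```powershell
# Added example, not from the article. Names and addresses are assumptions.
Connect-VIServer -Server 'vcenter.example.internal'           # assumed vCenter address

# 1. Central log collection: point every host's syslog at the collector and open
#    the host firewall for it, so logs survive a compromised or crashed host.
foreach ($esx in Get-VMHost) {
    Get-AdvancedSetting -Entity $esx -Name 'Syslog.global.logHost' |
        Set-AdvancedSetting -Value 'tcp://syslog.example.internal:514' -Confirm:$false | Out-Null  # assumed collector
    Get-VMHostFirewallException -VMHost $esx -Name 'syslog' |
        Set-VMHostFirewallException -Enabled $true | Out-Null
}

# 2. Least privilege (RBAC): operators may only power-cycle VMs and use the
#    console, and the permission is granted on the mobile office folder, not
#    at the vCenter root, so it cannot reach other tenants' VMs.
$privIds = @(
    'System.Anonymous', 'System.View', 'System.Read',
    'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff',
    'VirtualMachine.Interact.ConsoleInteract'
)
$role   = New-VIRole -Name 'MobileOffice-Operator' -Privilege (Get-VIPrivilege -Id $privIds)
$folder = Get-Folder -Name 'MobileOffice'                                  # assumed VM folder
New-VIPermission -Entity $folder -Principal 'CORP\mobileoffice-ops' -Role $role -Propagate $true | Out-Null

# 3./4. Audit and monitoring: list the last 7 days of events that create, copy,
#    register or remove VMs, plus failed logins, so unauthorized cloning and
#    unexpected state changes stand out for review.
$since = (Get-Date).AddDays(-7)
$watch = 'VmClonedEvent', 'VmBeingClonedEvent', 'VmDeployedEvent', 'VmCreatedEvent',
         'VmRegisteredEvent', 'VmRemovedEvent', 'BadUsernameSessionEvent'
Get-VIEvent -Start $since -MaxSamples 100000 |
    Where-Object { $watch -contains $_.GetType().Name } |
    Select-Object CreatedTime, UserName, @{N = 'Type'; E = { $_.GetType().Name }}, FullFormattedMessage |
    Sort-Object CreatedTime |
    Format-Table -AutoSize

# Sprawl check: VMs per host, compared against the count the design planned for.
Get-VMHost | Select-Object Name, @{N = 'VMs'; E = { (Get-VM -Location $_).Count }} | Format-Table -AutoSize

# Risk 1 hardening: a compromised VM on the shared switch must not be able to
# sniff or spoof its neighbours, so deny promiscuous mode, MAC address changes
# and forged transmits on every VM-facing distributed port group.
Get-VDPortgroup -Name 'dvpg-vm-*' |                                        # assumed VM port group naming
    Get-VDSecurityPolicy |
    Set-VDSecurityPolicy -AllowPromiscuous $false -MacChanges $false -ForgedTransmits $false | Out-Null
```

The event query is a review aid, not an alert: in practice the same filter is run on a schedule and the output compared with the change tickets for that week, and any VmClonedEvent or VmRegisteredEvent without a matching ticket is treated as a potential copy of a virtual machine image, which is exactly the threat the security design section names.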
VI. Summary of the entire production enterprise program
For a production enterprise to continue, optimize and maintain the environment after the virtualization deployment, VMware generally provides professional after-sales service, but the enterprise itself still has to keep practising and managing it.
How a production Enterprise deploys VMware virtualization Solutions