Monday, Jan 28, 2008

Cisco's Nexus and Data Center 3.0

I've spent a good part of this morning's pre-dawn hours reading (... ok ... skimming...) Cisco's announcements, data sheets and white papers addressing the newly announced Nexus switch, its new operating system (NX-OS), and the new release of Data Center Network Manager (rel. 4.0). I liked the InformationWeek take on the announcement. A little bit hyperbolic, but there's a ring of truth here.

As we dig into the announcements, I know there will be more to say about the impact of Nexus on the industry and specifically about the virtualization of networks in the service of VMEs like VMware and Hyper-V.  (Oh... did you notice in the press release that the two organizations acknowledged as early users are Lawrence Livermore Labs and Microsoft?  That's Microsoft, not VMware.)


Cisco Pitches Virtual Switches For Next-Gen Data Centers -- Virtualization -- InformationWeek

But whereas the Catalyst 6500 is a jack-of-all-trades that can be a firewall, a load balancer, or a router depending on the blades plugged into it, the Nexus is aimed at just one job: virtualization.

Cisco's vision is one in which big companies off-load an increasing number of server tasks to network switches, with servers ultimately becoming little more than virtual machines inside a switch. The Nexus doesn't deliver that, but it makes a start, aiming to virtualize the network interface cards, host bus adapters, and cables that connect servers to networks and remote storage. At present, those require dedicated local area networks and storage area networks, with each using a separate network interface card and host bus adapter for every virtual server. The Nexus aims to consolidate them all into one (or two, for redundancy), with virtual servers connecting through virtual NICs.

Powered by ScribeFire.

Saturday, Jan 5, 2008

A POV On VMware's Site Recovery Manager

This is a good, high-level description and opinion regarding VMware's upcoming Site Recovery Manager (SRM). 

IT 2.0 Main Blog : Site Recovery Manager: what is it (going to be) good for?

...

Essentially SRM will be a sort of automated and programmed workflow. This product won't add any cool low-level new technology, it will "just" provide a workflow engine that you can program to execute the very manual steps you would execute today in a disaster scenario. This is a summary of what it should be able to do for you:

  • Integration of storage replication for minidisk synchronous/asynchronous alignments (Production site <-> DR site)
  • Automation of startup sequence / suspend at the remote site of virtual machines (this includes management of QoS / SLA's)
  • Network reconfiguration of virtual machines to comply with the (potentially) new IP schema in the DR site
  • Creation of a "sand-box" environment at the remote site in order to test your DR plan(s)

In case a disaster strikes, once you push that famous red-button described above, SRM will activate the mirrored LUN's at the remote site, it will restart the virtual machines on the DR site based on the programmed sequence and it will adjust (optionally) the IP settings of the vm's to fit into the new network schema (if it is different). Additionally SRM will allow you to "play" the plan on a regular basis for test purposes creating a snapshot of the production vm's and activating them in a sort of "network sand-box". I have over-simplified here a bunch of very complex activities. ...


Saturday, Jan 5, 2008

Extending Virtualization Security Issues to Configuration Management

Thanks to David Marshall at VMblog.com for drawing attention to this post by David Frith on SecurityPark.net.  The post is worth reading in its entirety, but I'm going to spoil the ending for you by giving you a few of its final paragraphs.

A couple of points worth emphasizing here which transcend the requirements of security, and address other elements of VME resilience and availability:

  • VMs that require like levels of security, reliability, availability and resilience need to be grouped together and managed as an assemblage, and this has to remain uniform, especially when VM migration (e.g. VMotion) is utilized.
  • The security settings and configurations of the underlying virtual and physical networks need to be understandable by the administrators and network managers, which implies that unnecessary complexity be hidden and the burden assumed by automation.
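One way to automate the two points above, as an added example (not from David Frith's post or from any vendor tool): a pre-migration check that refuses a move when the destination host would break the VM's security grouping or its network settings. The host names, zone names and port-group fields are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PortGroup:
    vlan: int
    promiscuous: bool   # expected to stay False for isolated zones

@dataclass
class Host:
    name: str
    portgroups: dict    # zone name -> PortGroup configured on this host
    vms: dict           # VM name -> zone, for VMs currently running here

def check_migration(vm, zone, src, dst):
    """Return the reasons moving `vm` (in `zone`) from src to dst would break
    the zone's uniformity; an empty list means the move is allowed."""
    problems = []
    want, have = src.portgroups.get(zone), dst.portgroups.get(zone)
    if have is None:
        problems.append(f"{vm}: {dst.name} has no port group for zone '{zone}'")
    elif have != want:
        problems.append(f"{vm}: '{zone}' settings differ on {dst.name}: {have} vs {want}")
    # VMs with unlike security levels must not share the destination host.
    foreign = sorted({z for z in dst.vms.values() if z != zone})
    if foreign:
        problems.append(f"{vm}: {dst.name} already runs VMs from zones {foreign}")
    return problems

# Constructed inventory (assumption, illustration only).
PCI = PortGroup(vlan=110, promiscuous=False)
HOSTS = {
    "esx-a": Host("esx-a", {"pci": PCI}, {"pay-db": "pci"}),
    "esx-b": Host("esx-b", {"pci": PCI}, {"pay-web": "pci"}),
    "esx-c": Host("esx-c", {"pci": PortGroup(110, True), "dev": PortGroup(200, False)},
                  {"build-01": "dev"}),
}

def plan(vm, zone, src, dst):
    """Look up both hosts in the constructed inventory and run the check."""
    return check_migration(vm, zone, HOSTS[src], HOSTS[dst])

if __name__ == "__main__":
    for dst in ("esx-b", "esx-c"):
        issues = plan("pay-db", "pci", "esx-a", dst)
        print(dst, "OK" if not issues else issues)
```

Run before each migration, a check like this keeps the detailed network comparison in automation and hands the administrator only the readable list of reasons.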

Virtualisation: Why existing security measures are no longer enough - Security Park news
...

With potential attacks first compromising one VM and then spreading to others, each needs to be protected with secure policies configured and adapted as needed. Here existing vendor tools can be used in the partitioning, isolating and segmenting of each VM with resource management controls to allocate, schedule, monitor and cap resources as required. Such tools can ensure that the VMs that require like levels of security are grouped together and that controls are in place to stop any unauthorised replication.

...

Management tools are required to provision VMs as necessary together with their associated security settings, such tools also need to map interdependencies and data flows ensuring that with all the complexity administrators do not lose an understanding of their environment.  With VM’s being deployed and re-deployed, patching tools are also required.

...

The complexity and dynamic nature of virtualised environments means that new threats and vulnerabilities have appeared and will increasingly manifest themselves. Because traditional security practices only go so far new architectural models, design practices and security tools are required. The existing tools however are generally immature and not yet certified, while such vendors and their tools need to evolve, the market also needs to educate itself, raising awareness of potential issues, new vulnerabilities, evolving threats and where necessary pressuring the vendors to enhance their security offerings.


Saturday, Jan 5, 2008

The Hybrid Access Network and Disaster Recovery

I've enjoyed listening to and reading Dan Kusnetzky for some time, having first encountered him while I was starting up Univa and he was at IDC.  Given the Replicate Technologies' (RT) emphasis on providing a uniform view of the physical - virtual hybrid network, I find myself reading his blog more carefully.  (Hmm... physical-virtual hybrid network ... We definitely need a terminology doctor for THAT one.)

I was looking over his recent post, and got excited when, in the first paragraph, he identifies the role of virtualization in disaster recovery (DR) strategy, and the importance of managing addresses and configuration.  The let-down, however, was that after making that important statement, the remainder of the post was mostly about remediation ... problematic manual processes and reactive automation for optimally re-purposing resources.  I hope that he follows up on the theme.  It's perhaps time for us to have a conversation about how we at RT view the importance of network addressing, storage addressing and the configuration of the hybrid access network.

Disaster recovery means rolling back the clock | Virtually Speaking | ZDNet.com

A Kusnetzky Group client and I had a rather intense discussion about the role virtualization technology could play in a disaster recovery strategy. Although the strategy this organization was currently pursuing appeared to be based upon sound foundations, it didn’t go far enough. This organization really didn’t have a plan to address the need to change network addresses, storage addresses and a number of other configuration issues found in the physical world. ... (my emphasis)


Saturday, Jan 5, 2008

Classical Music's Doping Scandal

This just in... too funny.

Newsflash at think denk

(Washington, DC) Former Senator George J. Mitchell released a blistering report Thursday that tied 89 performers of so-called “Classical Music,” including Mitsuko Uchida, to the use of illegal, non-musical cultural performance-enhancers. The report used informant testimony and supporting documents to provide a richly detailed portrait of what Mr. Mitchell described as “classical music’s thinking era.”

The Mitchell report ran about 400 pages and was based on interviews with more than 700 people, including 60 former “classical” musicians, and 115,000 pages of documents. ...
