Cloud Infrastructure and Services Version 2 Lab Guide

October 2014

EMC2 PROVEN PROFESSIONAL

Copyright

Copyright © 1996, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC2, EMC, Data Domain, RSA, EMC Centera, EMC ControlCenter, EMC LifeLine, EMC OnCourse, EMC Proven, EMC Snap, EMC SourceOne, EMC Storage Administrator, Acartus, Access Logix, AdvantEdge, AlphaStor, ApplicationXtender, ArchiveXtender, Atmos, Authentica, Authentic Problems, Automated Resource Manager, AutoStart, AutoSwap, AVALONidm, Avamar, Captiva, Catalog Solution, C-Clip, , Celerra Replicator, Centera, CenterStage, CentraStar, ClaimPack, ClaimsEditor, , ClientPak, Codebook Correlation Technology, Common Information Model, Configuration Intelligence, Configuresoft, Connectrix, CopyCross, CopyPoint, Dantz, DatabaseXtender, Direct Matrix Architecture, DiskXtender, DiskXtender 2000, Document Sciences, Documentum, elnput, E-Lab, EmailXaminer, EmailXtender, Enginuity, eRoom, Event Explorer, FarPoint, FirstPass, FLARE, FormWare, Geosynchrony, Global File Virtualization, Graphic Visualization, , HighRoad, HomeBase, InfoMover, Infoscape, Infra, InputAccel, InputAccel Express, Invista, Ionix, ISIS, Max Retriever, MediaStor, MirrorView, Navisphere, NetWorker, nLayers, OnAlert, OpenScale, PixTools, Powerlink, PowerPath, PowerSnap, QuickScan, Rainfinity, RepliCare, RepliStor, ResourcePak, Retrospect, RSA, the RSA logo, SafeLine, SAN Advisor, SAN Copy, SAN Manager, Smarts, SnapImage, SnapSure, SnapView, SRDF, StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix, Symmetrix DMX, Symmetrix VMAX, TimeFinder, UltraFlex, UltraPoint, UltraScale, Unisphere, VMAX, Vblock, Viewlets, Virtual Matrix, Virtual Matrix Architecture, Virtual Provisioning, VisualSAN, VisualSRM, Voyence, VPLEX, VSAM-Assist, WebXtender, xPression, xPresso, YottaYotta, the EMC logo, and where information lives, are registered trademarks or trademarks of EMC Corporation in the United States and other countries.

All other trademarks used herein are the property of their respective owners.

© Copyright 2014 EMC Corporation. All rights reserved. Published in the USA.

Revision Date: 10-17-2014 Revision Number: 1.0 MR-1CP-CISV2

Document Revision History

Rev # File Name Date

1.0 First Release 10/17/2014

Table of Contents

COPYRIGHT
DOCUMENT REVISION HISTORY
LAB 1: CLOUD INFRASTRUCTURE LAYERS
LAB 2: SERVICE MANAGEMENT AND SECURITY

Lab 1: Cloud Infrastructure Layers

Purpose: To reinforce the concepts presented in the lecture portion of the course, module 1 through module 6.

Tasks: Participants are required to provide a solution for the deliverables based on the given scenario and requirements.

References:
• Module: Introduction to Cloud Computing
• Module: Building the Cloud Infrastructure
• Module: Physical Layer
• Module: Virtual Layer
• Module: Control Layer
• Module: Service and Orchestration Layers

Company Profile

A financial organization has 6000 employees and provides services to more than 20 million customers. To deliver IT services to its business units, the organization operates two data centers at two different geographic locations. The data centers run their business applications on more than 300 physical compute systems. The infrastructure components (compute systems, network devices, and storage devices) are heterogeneous in nature. Some of the applications are proprietary (developed in‐house by the organization) and some of them are off‐the‐shelf.

Organization’s Challenges

Over the past 10 years, the organization has made several strategic investments to build its market share. However, the organization now struggles to keep up with customers' fast‐changing demands for its services. These demands are forcing the organization to develop and deploy several new applications and make the services available to the customers rapidly. With the current infrastructure, rapid deployment of applications is very difficult. The utilization of the compute systems, network, and storage is less than 20 percent of the available capacity. Also, deploying a new application takes a long time because it involves purchasing new compute systems, installing software, configuring network and storage, and configuring security.

Deliverables

The organization wants to transform its existing data center into a cloud infrastructure to leverage the benefits of cloud. They would like to build the cloud infrastructure by repurposing their existing infrastructure. After deploying new services to the consumers, the organization expects cloud bursts to occur from time to time. They do not want to invest money in infrastructure to provision resources for the occasional increase in peak workload.

The organization plans to develop several new applications to offer new services to their customers. The proprietary application provides the organization with a competitive advantage, so they want to set up an environment for it on their infrastructure. They also require the environment to enable development, testing, and deployment of scalable applications in an agile manner. They also want to set up an environment to deploy the proprietary and off‐the‐shelf applications.

As the existing infrastructure is heterogeneous in nature, the organization requires the ability to automate the provisioning and configuration tasks based on defined policies. The organization requires the ability to dynamically, uniformly, and easily modify and manage their infrastructure. Also, the organization requires the ability to discover the available underlying resources and provide an aggregated view of the resources.

Solution:

The organization needs to deploy the virtual, control, orchestration, and service layers on the existing physical layer to build the cloud infrastructure.

The following points detail how the different layers and approaches address the organization’s challenges:

1. Deploying virtual layer:
   a. Enables improving the utilization of infrastructure components
      i. With the help of VMs, VLANs, VSANs, thin LUNs and so on
   b. Enables rapid deployment of compute systems for applications
      i. With the help of VM template and virtual appliance
2. Deploy orchestration layer:
   a. Enables automated provisioning and configuration of tasks based on defined policies
3. Software‐defined approach:
   a. Ability to dynamically, uniformly, and easily modify and manage their infrastructure
   b. Ability to discover the available underlying resources and provides an aggregated view of the resources
4. Brownfield deployment option and integrating best‐of‐breed cloud infrastructure components
   a. Enable repurposing their existing infrastructure to build the cloud
5. Hybrid deployment model
   a. Enable accommodating increased peak workload that may occur from time to time

6. Platform as a Service
   a. Enable development and testing of scalable applications in an agile manner
7. Infrastructure as a Service
   a. Enable deployment of proprietary and off‐the‐shelf applications

End of Lab 1

Lab 2: Service Management and Security

Purpose: To reinforce the concepts presented in the lecture portion of the course, Module 8: Security and Module 9: Service Management

Tasks: Participants are required to provide a solution for the deliverables based on the given scenario and the requirements.

References:
• Module: Security
• Module: Service Management

Scenario

A cloud service provider uses 50 percent of its data center equipment to set up a cloud infrastructure. The remaining equipment is used for internal operations and for testing. The cloud infrastructure consists of a hypervisor cluster. A resource pool is created by aggregating the available resources of the hypervisor cluster. The cloud infrastructure is used to provide compute services. The services are allocated the necessary processing power and memory resources from the resource pool.

The hypervisor cluster is composed of 10 identical physical compute systems, including 2 redundant (passive) compute systems. This means that the cluster can absorb up to two compute system failures and continue to support all services at the same level of performance. The available processing power and memory per physical compute system in the cluster are 19.2 GHz and 64 GB respectively. The existing resources in the data center can meet the capacity requirements of services in the short term. However, the provider should procure and provision additional resources as required to avoid capacity issues in the future. Further, the provider is concerned about security attacks that may compromise the hypervisors running on the physical compute systems. The provider should take control measures to protect against such attacks.

The capacity management process in a service provider’s organization is shown in the figure. The process comprises several activities, shown in rectangular boxes. The process also consists of conditions. They allow the process to branch into different directions, depending on whether the conditions are met or not.

Given: The thresholds for over utilization and underutilization of resources are 70 percent and 40 percent utilization of total resource capacity respectively. These are used to determine whether the resource pool is over utilized or underutilized.

Deliverables

Establish the required capacity management activities marked by ‘X1’ and ‘X2’ in the figure for the cases below:

• Case 1: Processing power already allocated to services from the resource pool is equal to 32.8 GHz and memory capacity already allocated to services from the resource pool is equal to 123 GB
• Case 2: Processing power already allocated to services from the resource pool is equal to 88.2 GHz and memory capacity already allocated to services from the resource pool is equal to 320 GB

List the control measures that can address the provider’s security concern.

Solution for Case 1

• Number of compute systems in the cluster is equal to 10 (8 active and 2 redundant)
• Total processing capacity of resource pool = 8 * 19.2 GHz = 153.6 GHz
• Total memory capacity of resource pool = 8 * 64 GB = 512 GB
• Utilization (%) of processing capacity of resource pool = (32.8/153.6)*100 = 21.4 %
• Utilization (%) of memory capacity of resource pool = (123/512)*100 = 24 %
• As the resources are underutilized (<40%), activity X1 needs to be carried out
• Activity X1:
  o Transfer some of the underused compute systems to another environment that is under‐resourced
  o Reduce the size of resource pool, ensuring that resource utilization is within the normal utilization limits (>40% and <70%)

Solution for Case 2

• Available processing capacity of resource pool = 8 * 19.2 GHz = 153.6 GHz
• Available memory capacity of resource pool = 8 * 64 GB = 512 GB
• Utilization (%) of processing capacity of resource pool = (88.2/153.6)*100 = 57.4 %
• Utilization (%) of memory capacity of resource pool = (320/512)*100 = 62.5 %
• Although resource utilization is within the normal utilization limits (>40% and <70%), enough resources are not available to satisfy the future demand for capacity. Hence, activity X2 needs to be carried out.
• Activity X2:
  o Determine current capacity reserves
  o Establish capacity consumption trends
  o Forecast future demand for capacity
  o Plan for procurement and provisioning of additional capacity
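
The sizing arithmetic from both cases, as an added Python example that is not part of the original lab guide. The classification rule (over-utilized when any resource reaches 70 percent, underutilized when all are at or below 40 percent) is an assumption because the process figure is not reproduced, and the function names are hypothetical. normal_pool_sizes goes one step beyond the solution and lists the active-host counts that would bring both resources inside the normal band for Activity X1; the two passive spares are never counted in the pool.

```python
# Added example: all figures are the ones given in the Lab 2 scenario.
HOST_GHZ, HOST_GB = 19.2, 64.0      # capacity of one physical compute system
ACTIVE_HOSTS = 8                    # 10 in the cluster, 2 held as passive spares
UNDER_PCT, OVER_PCT = 40.0, 70.0    # thresholds from the "Given" statement


def utilization(alloc_ghz, alloc_gb, active_hosts=ACTIVE_HOSTS):
    """Return (cpu %, memory %) of the pool built from the active hosts."""
    return (100.0 * alloc_ghz / (active_hosts * HOST_GHZ),
            100.0 * alloc_gb / (active_hosts * HOST_GB))


def classify(alloc_ghz, alloc_gb, active_hosts=ACTIVE_HOSTS):
    """Assumed rule: any resource >= 70% is over; all resources <= 40% is under."""
    pcts = utilization(alloc_ghz, alloc_gb, active_hosts)
    if any(p >= OVER_PCT for p in pcts):
        return "overutilized"
    if all(p <= UNDER_PCT for p in pcts):
        return "underutilized"
    return "normal"


def normal_pool_sizes(alloc_ghz, alloc_gb, max_hosts=ACTIVE_HOSTS):
    """Active-host counts that keep BOTH resources strictly inside 40-70%."""
    return [n for n in range(1, max_hosts + 1)
            if all(UNDER_PCT < p < OVER_PCT
                   for p in utilization(alloc_ghz, alloc_gb, n))]


if __name__ == "__main__":
    for name, ghz, gb in (("Case 1", 32.8, 123), ("Case 2", 88.2, 320)):
        cpu, mem = utilization(ghz, gb)
        print(f"{name}: cpu={cpu:.1f}% mem={mem:.1f}% -> {classify(ghz, gb)}; "
              f"pool sizes in band: {normal_pool_sizes(ghz, gb)}")
```

For Case 1 the band is reached with 3 or 4 active compute systems, so 4 or 5 of the 8 can be transferred elsewhere; for Case 2 the current 8 is the only size up to the present pool that stays in band, which leaves no headroom to shrink.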

Solution for Security

• Control measures to protect hypervisors against attacks are:
  o Install security‐critical hypervisor updates when they are released by the hypervisor vendor
  o Harden hypervisor
  o Access to hypervisor management server should be restricted to authorized administrators
  o Encrypt network traffic when managing remotely
  o Deploy firewall between the management system and the rest of the network
  o Rotate or delete log files when they reach a certain size to protect against denial of service

End of Lab 2
