REFERENCE ARCHITECTURE Enterprise Data Center Infrastructure June 2019 Deploying IBM Cloud Private for Data* on VMware vSAN ReadyNodes* Authors 1. Executive Summary IBM Cloud Private for Data* is a scalable cloud platform that runs on enterprise Karol Brejna infrastructure and facilitates multi-cloud deployments. It extends the IBM Cloud Senior Architect, Private* foundation with powerful tools for data management and analytics. It is Data Center Group (DCG), Intel built on open source frameworks and provides the following foundational services: Lokendra Uppuluri • Multi-cloud management and orchestration Senior Architect, Data Center Group (DCG), Intel • Microservices architecture that allows for analytics as a service (AaaS) Malgorzata Rembas • Containerization for easy, consistent deployment of artificial intelligence (AI) Cloud Solutions Architect, and analytics algorithms Data Center Group (DCG), Intel • Infrastructure and administration user accounts, security, logging, and monitoring • Data-virtualization technology that helps access, govern, and analyze data irrespective of where it resides • Effective operationalization of analytics and AI: data ingestion, data preparation, AI and analytics, and visualization The Intel® Reference Solution for IBM Cloud Private for Data provides an integrated and extensible analytics platform with all the tools and services necessary to navigate multiple clouds, effectively harness data, and extract value using powerful analytics and AI tools. The combination of IBM Cloud Private for Data and VMware vSAN* on Intel® hardware can provide an economical, enterprise-grade way forward for digital transformation. In addition, the Intel Reference Solution for IBM Cloud Private for Data enables you to quickly deploy a performance-optimized infrastructure built on Intel® Xeon® Scalable processors, Intel® 3D NAND Solid State Drives (SSDs), Intel® Optane™ DC SSDs, and the Intel® Ethernet 700 Series. This reference architecture (RA) will show you how to prepare, provision, deploy, and manage an IBM Cloud Private for Data solution. The intended audience for this RA includes system administrators and system architects. Some experience with Docker* and Kubernetes* is recommended. 2. IBM, Intel, VMware, Docker*, and Kubernetes* Beyond IBM Cloud Private for Data software and Intel hardware, the Intel Reference Solution for IBM Cloud Private for Data harnesses the power of VMware vSAN ReadyNodes*, Docker containers, and Kubernetes container orchestration to provide a comprehensive, reliable cloud solution. Reference Architecture | Deploying IBM Cloud Private for Data* on VMware vSAN ReadyNodes* Contents 2.1 IBM Cloud Private for Data IBM Cloud Private for Data is based on IBM Cloud Private, which is a scalable 1. Executive Summary ..............1 cloud platform that is built on a container architecture based on Kubernetes. IBM Cloud Private includes management services like logging, monitoring, 2. IBM, Intel, VMware, Docker*, access control, and event management, and it brings cloud-native container and Kubernetes* .................1 capabilities to enterprise IT for all container use cases. IBM Cloud Private for 2.1 IBM Cloud Private for Data .....2 Data extends IBM Cloud Private to provide integrated data management and AI/ analytics capabilities, including: 2.2 Intel® Hardware ...............2 • Multi-cloud-based compute—rapid deployment, lower operating 2.3 VMware vSAN ReadyNodes ....2 expenditures (OpEx), elasticity, scalability, and choice 2.4 Docker Containers ............2 • Microservices architecture—allows for Architecture-as-a-Service 2.5 Kubernetes ...................2 • Containerization—easy, consistent deployment of AI and 3. Intel Reference Solution for analytics algorithms IBM Cloud Private for Data • Infrastructure and administration—user accounts, security, logging, System Architecture ..............2 and monitoring 3.1 IBM Cloud Private* Cluster Overview ..............3 2.2 Intel® Hardware 3.2 IBM Cloud Private for Intel and IBM chose Intel Xeon Scalable processors for the Intel Reference Data Architecture .............3 Solution for IBM Cloud Private for Data because these processors support the most demanding workloads. Beyond compute based on Intel Xeon Scalable 4. Intel Hardware Details ............8 processors, the Intel Reference Solution for IBM Cloud Private for Data uses the 4.1 2nd Generation Intel® Xeon® Intel SSD Data Center Family and Intel Optane DC SSDs for performant all-flash Scalable Processors ...........8 storage and Intel® Ethernet Network Adapters for low-latency performance across the storage, management, and virtualization networks that undergird 4.2 Intel® Ethernet Network the solution. Adapter X710 .................8 4.3 Intel® Data Center SSDs .......9 2.3 VMware vSAN ReadyNodes 5. Configuration Details .............9 The Intel Reference Solution for IBM Cloud Private for Data uses VMware vSAN ReadyNodes to deliver hyperconverged infrastructure and serve as the 5.1 Step 1: Prepare the foundation for a transformed, software-defined data center. Verified Intel Environment for solutions—such as the Intel Reference Solution for IBM Cloud Private for Data— VMware vSphere and are built on hardware certified for VMware vSAN ReadyNode* and are tightly VMware vSAN* ................9 specified by Intel and VMware to deliver balanced and optimized performance. 5.2 Step 2: Install IBM Cloud 2.4 Docker Containers Private Cluster ................9 Docker containers provide lightweight, standalone, executable software 5.3 Step 3: Install IBM packages that provide everything needed to run an application, regardless of Cloud Private for Data the infrastructure or operating system. Core Components Including Extensions ..........9 2.5 Kubernetes 6. Cluster Verification ..............12 IBM Cloud Private provides an open container platform based on Kubernetes for orchestration that is extended to and made use of by IBM Cloud Private for 6.2 Prepare the Test .............12 Data. The platform enables automated deployment, scaling, and management 7. Summary and Conclusions .......13 of containerized applications. Appendix A .......................14 3. Intel Reference Solution for IBM Cloud Private for Data A.1 Configuring System Architecture VMware vSphere .............14 The Intel Reference Solution for IBM Cloud Private for Data utilizes IBM Cloud A.2 VMware vSAN Provisioning Private as an underlying infrastructure. The architecture discussion in the and Orchestration ...........16 following section introduces IBM Cloud Private architecture followed by IBM Appendix B .......................16 Cloud Private for Data architecture, with emphasis on the latter. B.1 Networking Details ..........21 B.2 Monitoring, Logging, and Metering in IBM Cloud Private. .22 B.3 Network Configuration .......24 2 Reference Architecture | Deploying IBM Cloud Private for Data* on VMware vSAN ReadyNodes* 3.1 IBM Cloud Private* Cluster Overview Helm* is the open source component, which is essential to the IBM Cloud Private platform. It is the package- An IBM Cloud Private cluster has four main classes of nodes: management system native to Kubernetes, which is used for • Boot Node—Used for running installation, configuration, application management inside an IBM Cloud Private cluster. node scaling, and cluster updates These Kubernetes packages are called charts, and they contain the details about your application. Helm can create • Master Node—Provides management services and new charts from scratch, package them into archive TGZ files, controls the worker nodes in a cluster; master nodes host interact with repositories where charts are stored, install and processes that are responsible for resource allocation, uninstall them into Kubernetes clusters, and manage their state maintenance, scheduling, and monitoring release cycles. • Worker Node—Provides a containerized environment Other components of an IBM Cloud Private cluster work for running tasks; as demands increase, you can easily alongside these main components to provide services such as add more worker nodes to your cluster to improve authentication, storage, networking, logging, and monitoring. performance and efficiency A cluster-management console is also provided, which allows • Proxy Node—Transmits external requests to the services for centralized management of these services. created inside your cluster Figure 2 shows the IBM Cloud Private system architecture IBM Cloud Private clusters can also have two optional with nodes in virtual machines (VMs) on VMware ESXi* types of nodes: servers based on Intel hardware. • Management Node—Hosts management services such 3.2 IBM Cloud Private for Data Architecture as monitoring, metering, and logging IBM Cloud Private for Data is composed of pre-configured • Vulnerability Advisor (VA) Node—Used for running VA microservices that run on a multi-node IBM Cloud Private services, which can be resource intensive cluster. The microservices enable you to connect to your data sources so that you can catalog, govern, explore, 3.1.1 IBM Cloud Private Components profile, transform, and analyze your data from a single IBM Cloud Private provides a container runtime (Docker) and web application. a container orchestration platform (Kubernetes), along with an integrated layer of additional services. Admin Management console (router) VIP manager Logging and monitoring Image management App Center Authentication VIP Authentication Calico* policy controller UCarp Elasticsearch* Image manager Unified router manager