2025-02-24 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
How should the VMware virtualization design and deployment of an enterprise production system be approached? This article analyzes the question and describes a solution in detail, in the hope of helping readers who face the same problem find a simpler and more feasible method.
With the development of enterprise business and the deepening of application, the design of production system is becoming more and more complex, and IT infrastructure is also increasing and expanding, which makes the functions of hardware and software systems more and more powerful. However, the aging software and hardware and bad running environment will lead to the decline of server performance and efficiency, and then restrict the development of application systems. Through virtualization technology, we can make more effective use of computer resources, flexibly update software, data and hardware operating platforms, and centrally monitor, manage and maintain all kinds of loose resources, which greatly simplifies the operation of IT and improves the efficiency of management.
So how should virtualization be designed and deployed for a specific enterprise application system? The following explains this with an actual case.
I. Business analysis and technical analysis
Business analysis is to find solutions to the business problems faced by enterprises. Business analysis requires IT and business department personnel to work together, needs to understand the enterprise strategy and business planning, and needs to collect and analyze the requirements in the business language from the business point of view, in order to ensure that the implementation of the solution brings business benefits to the enterprise. This requires IT personnel to understand the business environment, business operation process, and the development trend of the industry, as well as the requirements of business scalability, data security and business continuity, and comprehensively consider the construction and operation requirements of a business system.
In addition, from the perspective of technical analysis, applications that occupy relatively high resources, such as most graphics, image and video processing, database servers and scientific computing, are generally not suitable for virtualization (because heavy-duty applications that occupy high resources are generally not suitable for sharing server hardware resources with other applications). Among the multiple application systems of an enterprise, although one application (such as one requiring a high-performance database server) cannot be virtualized, most other applications can be.
For example, the enterprise mobile office application platform, as part of the basic information platform, lets employees access the company's internal systems through mobile terminals for business processing. Its hardware load is relatively low, so it can be designed and deployed on virtualization. Its overall architecture can be divided into a secure access authentication gateway, a presentation layer, an application layer and a data layer, and it needs to be compatible with iOS, Android and other terminal environments.
II. Virtualization design
With the help of virtualization technology, a server can be divided into several "virtual" machines, each of which can run its own operating system independently, thus avoiding the island mode of "one server, one application". Statistics show that in the island mode, the utilization rate of computer resources is less than 25%. With virtualization technology, enterprises can build a completely different underlying environment to manage servers more effectively. The ability to run different operating systems and applications on the same server allows enterprises to coordinate the workload of the server. If something goes wrong with one virtual system, another can replace it immediately and continue the same task.
The virtualization design of an application system usually needs to be designed in detail with the combination of network, system, database and security.
On the network side, for example, the mobile office application platform uses six servers, each equipped with four network cards. We can connect the network cards of all the ESXi servers to a distributed virtual switch, so that we can manage them globally, set up the virtual machine network, storage network and management network, and lay a foundation for setting up clusters, DRS, high availability and so on.
On the system side, Linux was developed on the basis of the Internet and serves the cloud. Enterprises deploy Linux at the server level, where its biggest advantages are low cost and high performance. At the same time, open source helps enterprises get rid of the shackles of a single vendor. At the enterprise server level, Red Hat and SUSE are safe choices: on the one hand they are functional and stable, and on the other hand they come with technical support, which saves a lot of trouble in later operation. Of course, which Linux to deploy should be decided according to the enterprise's actual situation and needs; there is no best, only the most suitable. For the mobile office system, Red Hat and SUSE are recommended.
On the database side, faced with a wide variety of database products, how do you pick the one that suits you? Correct evaluation and selection are as important as database technology itself. In general, database vendors will try their best to show the best side of the product in performance lists and technical matrices while avoiding or covering up its weaknesses, which is well known in the industry. In the process of selection and evaluation, the primary goal is to select a technology or solution that can meet or even exceed the predetermined requirements. Second, only through actual comparative testing in a real environment can we infer the expected performance of the database and evaluate its cost. Common methods include balanced migration, that is, transferring the original data to another set of databases on the same or similar hardware and then connecting to this test system with a real client, or using a data generator to build a large amount of data for the real data model and then testing client connections. For example, for mobile office systems, database A is cheap and its implementation cost is relatively low. However, to achieve the expected service level, its hardware and maintenance costs are much higher. By contrast, database B is more expensive and riskier to implement, so its initial cost is much higher, but because of its high level of technology, the hardware and maintenance costs are much lower, so the total cost of ownership will be lower. As a result, the database B solution is more beneficial in the long run.
In terms of security, a virtual machine is an operating system running in guest mode, and it faces its own security threats. One is that virtual machine images may be stolen or tampered with, both at rest and while running. The corresponding solution is to encrypt the virtual machine image at all times, but this causes performance problems; in environments with high security or regulatory requirements, the performance cost is worthwhile. Another problem is that data of different levels (or virtual machines storing data of different levels) may be mixed on the same physical machine, which the PCI provisions (here PCI-DSS, the Payment Card Industry Data Security Standard) call mixed implementation mode. The recommended solution is a combination of virtual local area networks, firewalls, and intrusion detection / intrusion prevention systems (IDS/IPS) to ensure virtual machine isolation in support of mixed implementation mode. You can also use data classification and policy-based management (for example, DLP, data leakage prevention) to prevent data mixing. In a cloud computing environment, the security level of the tenant with the least protection may become the security level shared by all tenants in a multi-tenant virtual environment. In this example, application security is based on virtual machine isolation and policy protection for the six virtual machines that host the mobile office system.
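The mixed-mode check described above can be automated against an inventory export. The following is an added example, not code from the original article: the inventory records, host names, data level labels and VLAN IDs are all constructed, and the rule applied (different data levels on one host must not share a VLAN) is one way to express the VLAN isolation the paragraph recommends.

```python
from collections import defaultdict

# Constructed inventory (not from the article): VM name, ESXi host,
# data classification label, and VLAN ID of the VM's port group.
INVENTORY = [
    {"vm": "mo-gateway", "host": "esx01", "level": "public", "vlan": 110},
    {"vm": "mo-web", "host": "esx01", "level": "internal", "vlan": 120},
    {"vm": "mo-app", "host": "esx02", "level": "internal", "vlan": 120},
    {"vm": "mo-db", "host": "esx02", "level": "cardholder", "vlan": 120},
    {"vm": "mo-report", "host": "esx03", "level": "internal", "vlan": 120},
]


def mixed_mode_findings(inventory):
    """Return (mixed_hosts, violations).

    mixed_hosts: hosts that carry VMs of more than one data level.
    violations: (host, vlan, levels) tuples where VMs of different levels
    share one VLAN on the same host, so no layer-2 boundary separates them.
    """
    by_host = defaultdict(list)
    for rec in inventory:
        by_host[rec["host"]].append(rec)

    mixed_hosts, violations = [], []
    for host in sorted(by_host):
        vms = by_host[host]
        if len({v["level"] for v in vms}) < 2:
            continue  # single data level on this host: not mixed mode
        mixed_hosts.append(host)
        levels_by_vlan = defaultdict(set)
        for v in vms:
            levels_by_vlan[v["vlan"]].add(v["level"])
        for vlan in sorted(levels_by_vlan):
            if len(levels_by_vlan[vlan]) > 1:
                violations.append((host, vlan, sorted(levels_by_vlan[vlan])))
    return mixed_hosts, violations


if __name__ == "__main__":
    mixed, bad = mixed_mode_findings(INVENTORY)
    print("hosts in mixed mode:", mixed)
    for host, vlan, levels in bad:
        print(f"{host}: VLAN {vlan} shared by levels {levels}")
```

A host that appears in the first list but not in the second is running mixed mode with VLAN separation in place; firewall and IDS/IPS coverage between those VLANs still has to be verified separately.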
III. Project implementation
Before implementing the programme, you need to evaluate and test:
1. Install VMware ESXi 5.0
We simply follow the installation wizard, clicking Next at each step. The system installation takes about 30 minutes to complete. Resources can then be allocated on it to install virtual machines with various operating systems.
2. Install VMware vCenter 5.0
The installation process is very simple, and all components are installed with the default settings. Enter the software license serial number when prompted during installation; it can be applied for free from VMware's official website.
3. Install VMware vCenter Converter 5.0
To simplify the system migration steps, we also install VMware vCenter Converter 5.0 on the server.
The installation process is very simple, and all components can be installed with the default settings. It helps users simplify conversion from physical machines to virtual machines and conversion between virtual machine formats, and it can import image files generated by Microsoft Virtual PC and Virtual Server.
4. Install VMware DATA RECOVERY
VMware DATA RECOVERY supports fast backup to disk and, more importantly, it supports fast and full recovery to prevent data loss in virtual environments.
5. Simple performance evaluation
Due to limited conditions, we could not conduct a formal server performance stress test; we could only run a simple comparison test on several major performance areas (CPU, memory, file system). The test results show that the main performance indicators of the migrated virtual machine system comprehensively exceed those of the original physical system. Of course, we also noticed that in the file system test, the CPU occupancy rate of the virtual system was about 50%, which was 11% higher than that of the physical system. This also shows that unless this problem of system virtualization is solved, the virtual system cannot completely replace the physical system. However, we believe that with the progress of technology, this day will come soon.
After 4 months of system selection, evaluation and testing, we confirmed that the scheme is feasible. The advanced fault-tolerance functions of the vSphere HA cluster, DRS and FT were also tested, so the concrete implementation of the project followed naturally. We migrate an average of 2 old applications to the virtual system per week and then observe them for one week. If there are no anomalies, we confirm that the migration is successful. The migration and test verification of all systems are expected to be completed within 2 months.
IV. Cost and benefit analysis
Through the deployment and implementation of the virtualization of the mobile office system, we have gained a lot.
First of all, the hardware purchase cost of the servers is reduced. There are six physical servers in the system, which are scrapped after going out of warranty in the second phase. We actually purchased two new servers: one DELL 710 server as the virtualization application integration platform and one DELL 910 server as the database platform. The purchase fee for the two servers is 80,000 yuan. In this way, we bought four fewer servers for the company. At an average purchase cost of RMB 40,000 per server, the company saves a total of RMB 160,000 in hardware procurement cost. Considering the purchase cost of VMware virtualization software, it actually saves the company a purchase cost of more than 200,000 yuan. Second, it reduces the cost of system management: the annual savings in server management costs and software licensing fees after the decommissioning of the original six servers are also considerable. Third, it improves the server availability of the business system. Before implementing virtualization, if a hardware failure occurred on a server, it usually had to be taken out of service for 1-2 days for hardware replacement. In a virtualized environment, if the server running the virtual system has a hardware failure, we only need to restore the backed-up configuration files and virtual hard disk image files of the virtual server to a new server and restore the last data backup to return the business system to normal use. This usually takes less than four hours. If you use the VMware VMotion feature, you can reduce this time to a few minutes or even seconds!
Finally, the system performance of the old business systems is improved and the cost of system development and deployment is reduced. After the overall migration was completed, actual testing showed that the performance of all business applications migrated to the virtual system had improved to some extent compared with before the migration. Progress in hardware technology has therefore been able to make up, to a certain extent, for the performance loss that virtualization causes to the application system. The powerful snapshot management capabilities of VMware Virtual Enterprise products also greatly shorten our testing time before new application development, deployment and implementation. Gone are the days when it took hours or even a whole day to rebuild a system because of a misoperation.
V. Risk and security
The biggest change in the process of server virtualization is the change in network architecture, which leads to special security problems. After virtualization is adopted, all virtual machines are centrally connected to the same virtual switch, or to a few virtual switches, to communicate with the external network, so that the protective measures previously taken through the firewall fail. If one virtual machine has a problem, the security problem can spread to other virtual machines through the network. In addition, server virtualization may lead to overload of the virtualized host itself or a crash of the server, because after virtualization each server supports several important resource-intensive applications. These applications compete for the bandwidth, memory, processor and storage of the same hardware server. In the process, these key applications may encounter network bottlenecks and performance problems, and may cause the server to be overloaded. A physical server crash after virtualization is a more serious security problem, because when the server crashes all of its applications are interrupted, which is much more serious than the interruption of a single application caused by a server crash in a conventional environment. Secondly, virtual machine escape (overflow), virtual machine hopping and virtual machine theft all create security risks for the virtual environment. Finally, virtual machine migration and communication between virtual machines greatly increase the chances of servers being attacked.
The security policy should:
1) Monitor event logs and security events on hosts and virtual machines and store them properly for audit.
2) Apply the principle of least privilege: manage authorization based on RBAC and ensure that individual responsibilities are clear, for example in VMware vCenter.
3) IT managers need to develop dedicated audit policies and processes for virtual machines in order to audit, track and monitor them and prevent the spread of virtual machine vulnerabilities.
4) Apply monitoring tools: the aim is to have visibility into virtualization management activities. Monitor management operations that change the state of virtual machines, detect unauthorized attempts to copy or "clone" virtual machines, and monitor and limit virtual machine sprawl.
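Items 1 and 4 of the policy can be turned into a small detection pass over exported vCenter events. The following is an added example, not code from the original article: the event type names are vSphere API event classes, while the JSON-lines export format, the user names, the clone allowlist and the sprawl threshold are assumptions constructed for illustration.

```python
import json
from collections import Counter

# vSphere API event classes for management operations that change VM state.
STATE_CHANGING = {
    "VmCreatedEvent", "VmBeingClonedEvent", "VmClonedEvent", "VmRemovedEvent",
    "VmPoweredOnEvent", "VmPoweredOffEvent", "VmReconfiguredEvent",
    "VmMigratedEvent",
}
CLONE_EVENTS = {"VmBeingClonedEvent", "VmClonedEvent"}  # attempt / completion
NEW_VM_EVENTS = {"VmCreatedEvent", "VmClonedEvent"}     # each adds one VM

CLONE_ALLOWLIST = {"svc-provision"}  # assumption: accounts approved to clone
SPRAWL_LIMIT = 2                     # assumption: new VMs per user per window

# Constructed sample export, one JSON object per line (format is assumed).
SAMPLE_EVENTS = """\
{"time": "2024-01-15T09:00:02Z", "type": "UserLoginSessionEvent", "user": "alice", "vm": null}
{"time": "2024-01-15T09:01:10Z", "type": "VmPoweredOffEvent", "user": "alice", "vm": "mo-web"}
{"time": "2024-01-15T09:05:00Z", "type": "VmBeingClonedEvent", "user": "svc-provision", "vm": "mo-template"}
{"time": "2024-01-15T09:06:30Z", "type": "VmClonedEvent", "user": "svc-provision", "vm": "mo-template"}
{"time": "2024-01-15T09:20:41Z", "type": "VmBeingClonedEvent", "user": "bob", "vm": "mo-db"}
{"time": "2024-01-15T09:31:00Z", "type": "VmCreatedEvent", "user": "carol", "vm": "test-1"}
{"time": "2024-01-15T09:32:00Z", "type": "VmCreatedEvent", "user": "carol", "vm": "test-2"}
{"time": "2024-01-15T09:33:00Z", "type": "VmCreatedEvent", "user": "carol", "vm": "test-3"}
"""


def analyze(text):
    """Summarise state-changing events, unapproved clones and sprawl."""
    state_changes, new_vms, unauthorized = Counter(), Counter(), []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        etype, user = ev["type"], ev["user"]
        if etype not in STATE_CHANGING:
            continue  # logins and similar events do not change VM state
        state_changes[etype] += 1
        if etype in CLONE_EVENTS and user not in CLONE_ALLOWLIST:
            unauthorized.append((ev["time"], user, ev["vm"]))
        if etype in NEW_VM_EVENTS:
            new_vms[user] += 1
    sprawl = sorted(u for u, n in new_vms.items() if n > SPRAWL_LIMIT)
    return {"state_changes": dict(state_changes),
            "unauthorized_clones": unauthorized,
            "sprawl_users": sprawl}


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_EVENTS), indent=2))
```

Matching on `VmBeingClonedEvent` as well as `VmClonedEvent` means a clone started by an unapproved account is reported even if it never completes.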
VI. Summary
After a specific business application is virtualized and deployed, it needs to be continuously managed and optimized. Because everything is changing and developing, although virtualization has many advantages and convenience, it still needs IT personnel to manage and use it well in practice in order to give full play to the real value of virtualization. Ignoring the complexity of system management or inadequate system management in virtualization applications will be a fatal problem in virtualization applications.
That concludes this interpretation of the VMware virtualization design and deployment of an enterprise production system. I hope the above content is of some help to you. If you still have questions, you can follow the industry information channel for more related knowledge.