Date post: | 30-Dec-2015 |
Upload: | aron-warren |
A New Opportunity - DES
• Legislative mandate to consolidate 5 agencies into DES
• Consolidate support to DES and support 2 existing agencies and 1 new agency
• IT support responsibility includes OFM, Governor’s Office and CTS
• Challenges abound – disparate storage, duplicate applications, redundant infrastructure, firewall separation
DES at Inception
[Diagram labels: Internet, SGN, R (x5), Enterprise Applications, SSV Firewall]
Current DES Issues:
- Isolated
- A2A Traffic over SGN
- Firewall obstruction
- Conf Rm to agency logon via SGN
DES Current State
Network Consolidation Status 10/5/11 (DRAFT)
[Diagram labels: workstation groups (GOV, GA, DOP, CR, DIS, CTS, Dept of Printing, OFM); File/App/Web servers (x5); firewalls (DES, CTS, DOP, GA, OFM); AD domains (OFM, DOP, GA, PRT, DIS)]
By the Numbers…
• DES as new agency October 1st, 2011
– 345 servers, 63% virtualized
– VMware was primary platform
– 3 SAN enabled virtual farms
Virtual Objectives
• Consolidate hardware in single “vFarm”
• Extend layer 2 to virtualize existing pre-DES agency infrastructures
• Support “come as you are” vDC to expedite virtualization and consolidation
• Build new DES branded virtual data center topology for DES services eClient and eApp
DES Future Services
Shared Admin Domain Model (DRAFT 1/27/12)
eClient & eApp Domains, Washington State AD Forest wa.lcl
[Diagram labels: DC wa.lcl; DC and vDC for eClient.wa.lcl and eApp.wa.lcl; Users; Workstations; File&Print; App/Web/SQL]
Mgmt Demarcation:
• CTS provisioned domain / CTS-DES shared ownership / admin
• DES provisioned services / DES administration
Present Virtual Work
• Virtualize 93 more servers to hit 90%
• Migrate 3 ESX farms to 1 shared farm
• Scale to support anticipated Windows server growth of 7 – 10% per year
• Build out network to support enterprise services and desired efficiency
DES Shared Virtual Platform
• VMware ESX4i
• HP DL380 G7 rackable servers
• RAM (lots of it)
• EqualLogic iSCSI storage
• Licensing at the processor level
• More RAM!
* RAM is always the limiting factor
Storage
• iSCSI based 1GB I/F ethernet storage
• 89.24 TB of RAID50 SAS & SATA disk
• 16% in near term snapshots
• Thin provisioned, over provisioned
• Replicated to TierPoint data center
• Fully virtualized
Layer 2 Extensions enabled…
• Virtualize “in place” – no change for existing applications
• Built-in backup / recovery
– vRanger immediately picks up new guests
• Shared storage scalability
– Growth accommodated at multi-agency level
• Operational mgmt by designated leads
– Spread vFarm mgmt to key leads with appropriate training
Virtual Console
• Virtual Console roles
– Resource Pool Admin
– Resource Pool Server Admin
• Attempted “linked consoles”
– End client still needs direct access to primary console
• Jumpbox model
– RDP to console, run locally with pre-DES AD accounts set to virtual Data Centers
VMware Converter
• VM converter “needs”
– Virtual Console enabled guest within each pre-DES network
– Migration host with kernel (IP) on each client network
– No affinity during transition to individual VM host
Security
• pre-DES agencies had different security policies and data risks
• New security team and unified strategy at DES are a key enabler
• Building to support security spectrum
– vLAN separation
– vSwitch separation
– vFirewall security & audit
Why Virtualize? Story 1
• AFRS Data Warehouse
– Problem: Existing DW is operating 2 Windows 2003 x64 servers with SQL Server 2005 and team wants to migrate to Windows 2008 R2 x64 with SQL Server 2008 R2 Enterprise. Migration of data and transition is expected to take in excess of a month.
– Server 1: 2.85 TB of storage on 3 SAN volumes F, G, H
– Server 2: 1.65 TB of storage on 2 SAN volumes F, G
Why Virtualize? Story 2
• ERDC P20 Data Warehouse
– Problem: The new P20 Data Warehouse for the Economic Research & Development Council (ERDC) needed the ability to “recover” a full infrastructure platform (QA, DEV, Sandbox or Prod) to any given day / week in recent history.
Lessons Learned
• Cross train early and often
• Change management and disciplined approach
• Keep capacity for maintenance (n+1 + a little more)
• Script configurations wherever possible for consistency (PowerShell or ???)
• Don’t assume – validate throughput, monitor links for even load distribution, etc. (Windows perfmon, VMware esxtop, switch CLI)
• Don’t underestimate RAM and storage
• Have your customers tout your success (nothing sells your service more than a happy customer)
• Patience – build in quality rather than rework