Do you really need to replicate everything? Not necessarily - just those things that are deemed 'mission critical'. Some organisations will feel that the bulk of their applications and data are in that category, whilst others will have a smaller subset of mission critical needs.
Geographic redundancy can be achieved in a number of ways. You can deploy multiple sites and use a product such as Veritas's Smart Location or EMC's Replication Storage to duplicate applications and data, which is a significant investment. Most IT professionals still build redundant sites as a backup and manually manage data replication and failover to the secondary site when needed.
IT has its site sitting inert as an insurance policy, but also as a non-performing asset. By 'virtualising' data centre resources at both sites, you can turn non-performing assets (with the exception of a disaster) into an ongoing available asset that will function in a distributed scenario to achieve maximum reliability and performance, regardless of location. For example, in an active-active data centre configuration (a design that provides backup, disaster recovery and continuity of operations), you could do data replication, upgrades and maintenance on a more frequent basis, increasing your overall up time and time-to-market for services. There are other benefits to virtualisation when you look at the data centre itself. If you need maximum availability and high performance for your applications and data, you can deploy a very reliable midrange server with RAID and redundant power supplies that cost half a million dollars.
Nevertheless, you'll still have a single point of failure because you have a single system. You could also achieve your business objectives by throwing very expensive hardware at it, trusting that all the components will keep running. A better practice is to virtualise your server and application resources - a much more cost-effective and a better overall architecture.
What to consider when virtualising your data centre
It starts with the application. Can this application be deployed in a manner that can be virtualised? Does it support clustering or are there tools that help it support clustering so each application instance recognises state? If so, that application is a great candidate for virtualisation within the broader context of the application-delivery network framework.
Can the underlying applications be replicated in real time between redundant sites so they can resolve requests at any site at any time, ensuring that the data is current? If you can't replicate the data in real time, there might still be an opportunity to virtualise redundant sites if the data being served doesn't require up-to-the-minute freshness. There are many scenarios where that does makes sense.
Ultimately, you have to look at the underlying application infrastructure to determine what you can virtualise. The same is true for virtualising connectivity and links. You also must consider the amount of data and performance during the replication process. In this case, the primary challenge is not the bandwidth or link capacity - the challenge is how much of that data can be concurrently transferred or put into the pipe whilst eliminating protocol communication overhead. We've seen customers with OC-3 connectivity between data centres with replication processes using only a fraction of that pipe. They have much data to transfer and it just trickles into the pipe, so replication literally takes days to complete. It's just not efficient. Fortunately, there are solutions that use symmetrical WAN acceleration to mitigate this situation. So replication processes that took days to finish now get completed in hours. That's a better model and a better use of the underlying infrastructure, which includes available bandwidth.
The benefits of data centre virtualisation
From an architecture standpoint, there are many benefits to virtualising your resources that deliver applications. The savings are profound, such as better use of infrastructure, 99.999% availability and simplified management. It boils down to better operational efficiency.
With virtualisation, there's efficiency in the underlying hardware requirements. In essence, you need less hardware or less expensive hardware to do the same work. You can get five times the performance for a third of the cost when you compare a midrange system to a modest server farm. If you can put 10 low-cost servers in a virtualised resource pool, you have five to 10 times the power of the most powerful midrange system at a third of the cost. By virtualising the servers, you realise tremendous cost savings and have a much better architecture for availability and ongoing maintenance.
If you need to bring one server down, it doesn't impact the others, and you can gracefully add and remove systems to support your underlying architecture. For tasks such as ongoing maintenance and management, you can realise significant efficiencies. For redundant active-active data centres managed by an intelligent DNS system, you can very easily bring down one data centre for maintenance without affecting the other data centres or impacting users. The benefits of virtualisation run the gamut: ongoing maintenance and management, reduction of hardware acquisition costs and better architecture for availability, security and performance.
Business uptake of virtualisation
At what stage are most businesses at in their quest for data centre virtualisation? For complete data centre virtualisation and multi-data centre virtualisation, I would say most enterprises are at about 10-15%.
Of course, you'll have pockets where people are virtualising some applications using things like VMWare or clustering. It's not across the board. But then we see virtualisation on the combined server and application level using application traffic management systems. Virtualisation is pretty much a given in the web world. At the application server and database level, it's still nascent. There's still a lot of room to build that proven model at the web tier down in the application and data tiers.
However, most of our large enterprise customers already have some form of SAN virtualisation in production. You also see virtualisation principles at work as far as connectivity, topology and access. So virtualisation really isn't a new concept. What is new is thinking about all the points in the WAN and LAN infrastructure where you can realise virtualisation benefits regardless of where you started. Consider your need for worldwide employees to securely access your network and applications at any time from any device and from any location. Sometimes sites go down for maintenance, connectivity problems or disasters. If you provide worldwide access that is only available 95% of the time and is underperforming 98% of the time, you are not achieving your goal of round-the-clock worldwide access.
Here, virtualisation integrated with access technologies (such as SSL VPN) comes into play. Virtualisation of distributed access devices that route users to the best possible site, which hosts your SSL VPN access control, provides access to applications and network resources without any interruption of service. Routing users to the best available site is completely transparent and does not require updating client software or reconfiguring clients, which is fraught with problems.
Security benefits
Instead of spending so many cycles, resources and effort on securing each and every potential vulnerability, why not virtualise your IT resources and centralise their management by defining security policies based on who is requesting access (client type, endpoint security, integrity of client, SSL credentials), the type of device requesting access (operating system, firewall, AV), the type of encryption (3DES, AES) and what transactions are allowed (what is authorised by that user's role), and what is allowed for the application (inputs, characters, links, cookies, etc)
This saves a tremendous amount of time, gives you a better security posture and improves your auditing capabilities because it centralises these functions. You not only protect your applications and network resources, but also provide secure remote access to your resources no matter where your employees are located. Virtualisation also allows you to place an additional layer in front of hackers by having full application proxy sitting between hackers and any application traffic management device to cloak the IP addresses of your resources. That's a huge benefit because hackers are not talking directly to your resources.
Summing up the case
When you consider virtualising your IT resources, you must consider all critical junctures of your network topology. What is your current environment? Do you have multiple data centres, do you currently multi-home or provision multiple ISP links from different providers? Do you have applications that you can virtualise?
Where are your users coming from - the branch office, overseas or remotely from the road? Are those users private employees, public users, contractors, suppliers or customers? Finally, what are your business goals, objectives and SLAs? If you want to experience the benefits of virtualising your IT resources, these are some of the questions you need to ask yourself.
Benefits of going virtual
- Turn non-performing assets into an ongoing available resource;
- Achieve maximum reliability and performance regardless of location;
- Allow data replication, upgrades and maintenance on a more frequent basis;
- Increase overall up time and time-to-market for services;
- Can deploy multiple low-cost, high-performance servers with applications and data instead of expensive mid-range systems;
- When one server fails, you can switch over to another without affecting the data or users;
- By using less hardware, you can get five times the performance for a third of the cost;
- Better operational efficiency;
- Allows you to place an additional layer in front of hackers
About the author: Chris Poulos is managing director of F5 Networks for Australia and New Zealand. Before joining F5 in September 2006, Poulos served as Asia-Pacific managing director of Akimbi Systems, which was acquired in June 2006 by VMWare. Prior to that position, he was managing director for Trend Micro in Australia and New Zealand.
