NETWORK TRANSFORMATION THROUGH VIRTUALIZATION

Theresa Zix, Vice President, Information TechnologyHerman Choi, Network Architect

Art Center College of Design

Art Center Intro

2 Locations in Pasadena, CA 4 Groups of Design Study

Industrial, Communication, Design Sciences, Arts & Media

Size 1,500 Students + 3,000 in Public

Programs 450 Faculty + 250 Staff

(South Campus Picture)

(Students Working Picture)

Original Network (2004)

Large Flat Network No Boundaries Prone to Broadcast Storms and

Network Loops No Physical Infrastructure

Redundancy Inefficient Use of Equipment and

Cabling Infrastructure

Initial Concerns

Lack of Scalability No room for growth and expansion

Lack of Resiliency Availability was the issue

Lack of Security Free-for-All environment

What is Virtualization?

Abstraction of physical computing resources

Single physical computing resource appears as multiple logical resources

Multiple physical computing resources appear as a single logical resource

Solution (2005-2008)

Implemented Network Virtualization Allowed networks to be implemented without physical constraints

No longer constrained by legacy physical networks

Gained flexibility and reliability through efficient use of resources

Original Scalability Issues

Legacy network equipment limited scalability and expandability

Deployed multiple physical switches dedicated for different departments

Too many switches deployed Inefficient use of power and

infrastructure

Solutions For Scalability Issues (2005)

Virtual LANs (VLANs) Instead of multiple

switches, deployed only one switch

Allocated ports on one switch to specific networks

Lowered power consumption

Used infrastructure more efficiently

Solutions For Scalability Issues (2005)

Virtual Trunking Protocols Allowed use of

multiple VLANs to share common physical links

Supported legacy non-routable applications

Extended flexibility of network

Solutions For Scalability Issues (2005)

Virtual Etherchannel Links Ports can be combined and bonded

together to increase bandwidth capacity and utilization

Solutions For Scalability Issues (2005)

VLAN and Virtual Trunking Protocols were extended to the wireless infrastructure

Simple wireless APs can only support one SSID wireless network

VLANs allowed different SSIDs to propagate across fewer APs

Solutions For Scalability Issues (2006)

Virtual Security Devices Legacy security

devices only performed one function per physical box

Split into multiple logical security devices

Firewall services VPN services Intrusion Detection

services

Solutions For Scalability Issues (2008)

Virtual Application Load-Balancing Legacy load-balancers only worked on

one network Split into multiple logical load-balancers

Original Resiliency Issues

Original network did not have redundant network backbone or fiber uplink connections

Routing gateway functionalities were limited to a single routing device

Solutions For Resiliency Issues (2005)

Spanning-Tree Protocols Used redundant uplinks to be

simultaneously active Multiple uplinks can now be utilized more

efficiently

Solutions For Resiliency Issues (2005) Virtual Routing

Redundancy Protocols Legacy routing

were constrained to physical interfaces and single routing devices

Routing gateway functionality can be spread across multiple routers

Original Security Issues

Originally had a large flat network

One large broadcast domain Highly unstable Everybody could see one another

Easy for viruses and worms to propagate

No containment or isolation

Solutions For Security Issues (2005)

VLANs used to create isolated networks

Dramatically decreased size of broadcast domain

Private VLANs can be created to restrict communication between hosts within the same network

Solutions For Security Issues (2008)

Use of Access Control Lists to restrict communication between VLANs - Difficult to scale and maintain

Future Direction - Virtual Routing and Forwarding Create virtual isolated paths within the

same network - Internal VPN Virtual routers within one physical router

Maintain Network Virtualization Need Monitoring and Visibility

Monitor CPU and Memory Utilization

Monitor Bandwidth Utilization Monitor Virtual Routing States Monitor Virtual Spanning-Tree States

SNMP – Preferably version 3 Logging – Monitor Incidents and Errors

Server Virtualization

Hot Topic Nowadays Multiple operating systems or

server instances deployed across multiple physical servers

Examples of virtualization software VMWare Citrix Xen Microsoft Parallels Virtuozzo

Benefits of Server Virtualization Greater flexibility and scalability Increases reliability and

availability More efficient use of hardware

resources Sounds great! What’s the problem? What does this have to do with

the network?

Server Virtualization Issues Network Utilization

and Capacity Changes One server not tied to

just one physical NIC Imagine 10 virtual

machines sharing the same physical NIC

Virtualization software may only load-balance based on CPU and memory utilization

Server Virtualization Issues Security

Management Changes By default, all

virtual machines can see one another

Private VLANs Host-based

Firewalls Host-based

Intrusion Detection

Software-based solutions

Server Virtualization Issues Network Design

Changes Not just a regular

server connection Networking has

been extended from network switches to virtual switches inside each server

Same Network Virtualization concepts

What Does the Future Hold? More visibility and monitoring

required More emphasis on network design

and deployment of virtual machines Possible IT Culture Change - Your

network and system engineers must work more closely together

Similar to network and voice convergence – Merge technical skills

THANK YOU

ART CENTER COLLEGE OF DESIGNWWW.ARTCENTER.EDU

Theresa Zixtheresa.zix@artcenter.edu

(626) 396-2477

Herman Choiherman.choi@artcenter.edu

(626) 396-2256