5. 13.4 Using InfiniBand for SANs
In the storage area network, or SAN, world, we love Fiber Channel over Ethernet. It’s a very high speed way of getting data between maybe a server and a storage array. Specifically, we love Fiber Channel because that lets us do block storage, which is more efficient than file storage. And we love Ethernet because it’s so widely available. Well, in this video, we want to take a look at yet another technology called InfiniBand that we might use in that capacity. Specifically, we might use it in a storage area network, but not limited to a storage area network. We might see it in a data center. It might be used in the supercomputing environment. It can even be used to interconnect devices within a server because it is so high speed and there are different speeds available.
And different manufacturers make this InfiniBand hardware. For example, both Intel and Oracle have InfiniBand hardware. A company called Mellanox was very big in this space, but they were acquired in 2019 by the graphics card manufacturer Nvidia. And the speeds available will probably continue to increase. But at the time of this recording, it’s fairly common to have InfiniBand speeds of about 40 gigabits per second.
And InfiniBand uses a switching technology. It’s very similar to connecting servers and clients into an Ethernet switch. We have an InfiniBand switch, or IB switch for short, that we can interconnect with a storage array and a server. To give you an idea of what an InfiniBand switch might look like, here’s one that Cisco Systems has. You see, we’ve got a series of connectors along the front, and we could connect those into a server or into our storage array. Let’s zoom in on one of those ports to give you a little better sense of what one of those ports would look like in an InfiniBand switch. And this technology is going to be competing with technologies such as Ethernet and technologies like Fiber Channel.
In fact, speaking of Fiber Channel, we could do something like this. Remember that we love Fiber Channel over Ethernet. Well, you guessed it. We could do something called Fiber Channel over InfiniBand, or FCoIB for short. This is going to allow us to leverage the incredible high speed of InfiniBand while staying with a Fiber Channel architecture that our storage array is based on. And that gives us that block storage. So InfiniBand, we could think of that almost as a competing technology to something like Fiber Channel or Fiber Channel over Ethernet.
6. 13.5 Cloud Technologies
While many companies still maintain their own data centers where they have their computing resources located at their site, an industry trend is to move towards having those resources off site in the servers of a cloud service provider. It’s like having your data center in the cloud. And these cloud resources go beyond just a place to store data. We can have cloud-based processor resources, sometimes called compute resources. We can get database resources. All sorts of application resources could live in the cloud. What we’re basically doing is migrating services traditionally provided by our data center up to the cloud. It reminds me of when I used to work at a local university. I remember back in those days, we had several Microsoft Windows servers and one of the servers was acting as a DHCP server, one was acting as a Microsoft Exchange server.
We had other servers doing other jobs. But when it was time to upgrade a server or swap out a hard drive that had failed or apply a security patch, it was our job to do that. It was our job to keep the rooms cool that housed the servers. It was our job to provide power and redundant power to those servers. And then when it was time to replace a server with new upgraded equipment, it was our job to go buy the new server. But with cloud computing, we could let a service provider handle those types of responsibilities. And in this video, we’re going to talk about some different cloud computing services that are available. All sorts of things traditionally provided on our local network are now available as a service. You might hear the term XaaS, where X is like a variable and aaS stands for as a service. In this video, we’re going to talk about software as a service, infrastructure as a service, and more. But first, let’s talk about the scope of certain cloud services.
We might have a public cloud. This is where we have resources that are available to the public. Maybe it’s on the Internet that we’re making this available to the public. Or maybe there’s some other public cloud provider that’s providing that access. We may have a private cloud that’s typically within an organization. Maybe it’s the entire organization or a subset of devices within that organization that can access these private cloud resources. Or sometimes it’s a mixture of both. We want to keep some things private, but other things public. That’s what a hybrid cloud service would do for us. And we also have a community cloud service. A community cloud service is where we have multiple organizations that are sharing the same set of resources.
For example, maybe we have some different companies that are collaborating on a specific project together. Well, they all might need access to a common set of resources which could be housed in a community cloud. And that community cloud might actually be served up by a data center at one of those community members’ data centers. Maybe those community cloud resources are in some sort of third-party cloud provider’s cloud. And now let’s think about some of the specific services that cloud computing can offer us. And these are just a few examples. This is not comprehensive. One thing we could have is infrastructure as a service, or IaaS. This is where we could go to our cloud provider and say, hey, I want to purchase infrastructure as a service, and that’s going to allow this company to rent virtualized servers, and then the servers can run specific applications. This is a lot like running a virtual server on hardware at our site, except now we don’t have to buy the hardware. We rent it, we pay for it on an as needed basis. And the hardware lives in the cloud, which might be accessible via the Internet and hosted by our cloud service provider. We could also have access to software services. That’s software as a service, or SaaS. Here we have applications that maybe our employees are using, and these applications can be licensed by and hosted by our service provider, and our clients can get access to those software applications, typically via a web browser. That’s the typical way of getting access.
As a couple of examples, Dropbox and Google Apps are software as a service platforms. We could also rent platform as a service technologies, or PaaS. This is going to give our application developers in our company a development environment. They don’t need to worry about going to their boss and saying, hey, I need to buy this specific kind of server so I can develop this application and then create that infrastructure that’s needed. No, we can just provision that on an as needed basis from our service provider. If we need three Unix servers and we want them to have this much storage and this much memory and we want to interconnect them, we can do all that virtually through cloud services. Yet another example is network as a service, or NaaS. Here our service provider is making network services available, such as VPNs, virtual private networks, between our sites.
They might offer us bandwidth on demand, giving us more bandwidth when we need it, and connecting it to the Internet would be another common service. And we get those types of services from our Internet service provider. And there are several different cloud computing vendors out there that might give us these types of services. For example, Amazon, Rackspace, those are a couple of the big names. There’s one final example. Consider desktop as a service. This might allow a smaller company to have subscriptions for their end users and that’s going to allow these users to access a specific desktop environment on their computer that’s maintained by the cloud provider.
This might be appropriate for a small business that did not want to devote resources to having an IT person go around and set up everybody’s computer desktop and take care of all of their backups and do upgrades. That’s something that a DaaS provider could do for us. And some DaaS providers allow an end user to customize their own desktop and have that be persistent. That’s called a persistent desktop. However, you might prefer a non-persistent desktop. This is where a user’s desktop is going to be reset to a default setting every time they log in.
And that’s a high level look at cloud computing, where we’re taking a lot of resources that we may have purchased and maintained and operated and secured locally. We’re taking those services and we’re letting a service provider take care of those in the cloud. We allow them to upgrade the hardware, and that way, if we’re rolling out a new application, it’s not as much of a gamble for us. We don’t have to buy those ten extra servers when we’re not sure if we’re going to need them or not. We can just provision services from the cloud provider. We get those resources on demand. That’s called elastic. And this can be a pay as you go plan. We pay for what we use so this can give us a very robust computing environment while saving us money in the process.
7. 13.6 Accessing Cloud Services
We know that there is an industry trend to start migrating away from having data centers at our site to putting those data centers in the cloud, in a cloud provider’s network. And the question we want to address in this video is, how do we get from the enterprise out to that cloud provider? One obvious answer is, well, we could use the Internet. After all, the enterprise connects to the Internet, the cloud provider can easily connect to the Internet. The big challenge is the Internet is not secure, it’s an untrusted network. So what do we do to protect our data in transit? One option is we could have a VPN, a virtual private network that can encrypt traffic flowing between our data center in the cloud and the enterprise, so that if any bad actor were to intercept that data, they couldn’t do anything with it because it’s all scrambled up.
If you don’t want to use the Internet though, there are other options. You might want to use a private wide area network, a private WAN. As a couple of examples of private WAN technologies, maybe you could use Multiprotocol Label Switching, or MPLS, or maybe Metro Ethernet. And another consideration for accessing these cloud resources is we may have different cloud providers and at different times we may want to switch from one cloud provider to another. Let’s say, for example, that we’re using Cloud Provider One, but Cloud Provider Two is going to give us a better rate for the next six months as an example. And we have to go in and remap everything over to that other cloud provider. That’s a lot of work if we’re going to be moving applications or specific applications between specific cloud providers. A way to streamline that process a bit is to connect with an intercloud exchange. If we have that single connection into the intercloud exchange, it’s their job to connect out to the different cloud providers that we’re going to be using. And you can just tell the intercloud exchange that, all right, I want to stop using Cloud Provider Three and I want to go to Cloud Provider Two, and they can handle all of that in the background. It’s going to be transparent to you. You don’t have to do remapping of all of your resources to that new cloud provider because you’re just pointing to the intercloud exchange. They’re getting you to resources regardless of which cloud provider it is. You just tell them where you want them to connect. And that’s a look at how to connect to some of our resources which live in the cloud.
8. 13.7 Infrastructure as Code
One of the buzzwords we might hear in the industry a lot these days is infrastructure as code, or IaC. In this video, let’s define what infrastructure as code is. What can it do for us? Well, when we say code, we’re talking about a document, a configuration file. And it’s a lot like a program, a lot like a Python program. We talk about coding in Python. Well, we could write code that defines our infrastructure. And here are some things that IaC can do for us. It could provision infrastructure devices. After all, we can spin up virtual servers, we can define virtual switches, routers, firewalls. We can do that manually, or we can just have this configuration file, this code, in other words, that does it for us. That way if I want to spin up another server with identical settings, I’ve got the code to do that.
It’s not as prone to errors. It’s going to give us more consistency and it’s going to make it a lot quicker to do. In addition to provisioning those devices, this code can also configure an infrastructure that we already have. Maybe we’re defining parameters for a network interface card. Here’s your IP address, here’s your subnet mask, here’s your default gateway. Maybe we configure routing protocols like OSPF on a virtualized router. And we might also use infrastructure as code to deploy and manage applications. So we could install the applications on servers with this code and set the configuration parameters for those applications.
And over time we might want to apply updates and patches to those applications. We can do all that with code. Now let me give an example of what this code might look like. In this example, let’s say that we’re wanting to provision a Linux server. So here we have this code that’s defining this resource called Virtual machine. For this virtual machine resource, we see the name of it, we see it’s going to have a couple of virtual CPUs. We’ve got about eight gig of memory, the domains Kw, train local and you see some other parameters as well. We see that the IP address is going to be 170, 216, 133. We see the gateway, we see the subnet mass climb, we see the DNS servers that we’re going to be pointing to and we see how we’re provisioning the storage.
We’re going to be installing this on our hypervisor’s data store called Data Store underscore one. It’s going to be thin provisioned, and we’re going to be using Eastern time, specifically New York time, for the time zone for this server. Well, we push that into our cloud provider and say I want to define this VM, and suddenly we’ve got this Linux VM defined. And there are different tools out there that can do this infrastructure as code for us, to do the provisioning or to do the installation or to do the configuration. And they all differ a little bit. Let me give you just a few common examples. To provision the infrastructure, like spinning up a server or spinning up a virtual router, we might use something called Terraform. To do the configuration management after we have something in place, maybe we use Puppet or Chef, or Ansible is another popular one. And in this video we don’t need to spend time discussing each one. And this is not a comprehensive listing. But to give you a better sense for what’s happening here, let’s take Ansible as an example. Let’s see how Ansible can be used for configuration management. Let’s say that I’ve got these Cisco Nexus switches in my data center and I’ve got an Ansible server and I want to push out a configuration and have it be consistent across all these switches. And I’m going to define that configuration in what’s called an Ansible playbook.
And the language that the playbook is written in is called YAML. And YAML, when I first heard it, I thought that probably stands for Yet Another Markup Language, because in Unix there’s a compiler called Yacc, yet another compiler compiler. So I thought, okay, this is yet another markup language. Actually it’s not. After doing a lot of research on this, I’ve discovered that YAML actually stands for YAML Ain’t Markup Language. That’s the format of this configuration file. And we’re going to have the configuration instructions in this playbook written in YAML. And we’re going to run that playbook against an inventory. That’s a list of the devices that we want to configure. In this case, it’s a list of those Cisco Nexus switches. We run the playbook against the inventory.
And something that’s unique about Ansible compared to other configuration management tools like Puppet or Chef is it does not require an agent on the device. Typically with Puppet, we have a Puppet agent running on the device that’s going to be configured, or we have a Chef agent running on the device that we’re going to configure. However, with Ansible that’s not a requirement. And to give you an example of what an Ansible configuration file might look like, let’s check out this example. And even if we don’t speak YAML, I think this is still fairly easy to interpret. We’re going to be applying some network settings, we’re going to be applying an IP helper address to specific interfaces. And we might not want to apply this Ansible file to all these switches because it’s defining the same IP address for all switches. We wouldn’t want to do that.
But this is just an example. But here’s the way Ansible works. We’ve got our playbook of the configuration instructions written in YAML. We’ve got our inventory. That’s the list of devices that we want to configure. We run the playbook against the inventory, and then the Ansible server is going to reach out to those devices to be configured using secure shell connections, SSH, and it’s going to apply that configuration. And we did that infrastructure configuration with code. That’s an example of IaC, infrastructure as code, that lets us provision infrastructure devices, configure infrastructure devices, and install and manage applications as well, all from these configuration files written in code. And that’s a look at infrastructure as code.
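The playbook-against-inventory idea described above, modelled in plain Python as an added example (it is not part of the original transcript and is not Ansible itself). The host names, interface, addresses and CLI lines are constructed sample values; the check holds back any switch whose interface address is also assigned to another switch, which is the pitfall the transcript points out.

```python
import ipaddress
from collections import defaultdict

# The "playbook": one set of instructions, parameterised per device.
# CLI lines are illustrative; "ip dhcp relay address" is the NX-OS form
# of an IP helper address.
PLAYBOOK = [
    "interface {interface}",
    "  ip address {ip}",
    "  ip dhcp relay address {helper}",
]

# The "inventory": devices plus their per-device variables.
# All names and addresses are constructed sample values.
INVENTORY = {
    "nexus-1": {"interface": "Vlan10", "ip": "192.0.2.2/24", "helper": "198.51.100.10"},
    "nexus-2": {"interface": "Vlan10", "ip": "192.0.2.3/24", "helper": "198.51.100.10"},
    "nexus-3": {"interface": "Vlan10", "ip": "192.0.2.3/24", "helper": "198.51.100.10"},
}


def render(playbook, hostvars):
    """Fill the playbook's placeholders with one host's variables."""
    # Validate before rendering so a typo never reaches a device.
    ipaddress.ip_interface(hostvars["ip"])
    ipaddress.ip_address(hostvars["helper"])
    return [line.format(**hostvars) for line in playbook]


def duplicate_addresses(inventory):
    """Return {address: [hosts]} for interface addresses used more than once."""
    owners = defaultdict(list)
    for host, hostvars in sorted(inventory.items()):
        owners[str(ipaddress.ip_interface(hostvars["ip"]).ip)].append(host)
    return {addr: hosts for addr, hosts in owners.items() if len(hosts) > 1}


def plan(playbook, inventory):
    """Render a config per host, holding back hosts with conflicting addresses."""
    conflicts = duplicate_addresses(inventory)
    blocked = {h for hosts in conflicts.values() for h in hosts}
    configs = {host: render(playbook, hv)
               for host, hv in inventory.items() if host not in blocked}
    return configs, conflicts


if __name__ == "__main__":
    configs, conflicts = plan(PLAYBOOK, INVENTORY)
    for host, lines in configs.items():
        print(f"# {host}")
        print("\n".join(lines))
    for addr, hosts in conflicts.items():
        print(f"held back: {addr} is assigned to {', '.join(hosts)}")
```

The helper address is deliberately the same on every switch, while the interface address is a per-device variable; keeping that split in the inventory is what lets one playbook stay consistent across devices.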
9. 13.8 Multi-Tenancy
In this video, we want to define the term multitenancy. And I think we can understand this by comparing multitenancy in a computing or a networking environment to multitenancy within an apartment building. Let’s imagine that what we see on screen is an apartment building with multiple tenants. We’ve got tenants one, two and three, and additional tenants. And within an apartment building like this, can tenant one just walk into tenant two’s apartment? No, that would not be very nice. Tenant three does not have access to the apartment of tenant one and so forth. Even though they’re sharing the same building, they’re isolated from one another.
And by sharing the same building, they’re sharing resources. For example, water is coming into the building. We have electricity coming into the building. We don’t have a separate electrical line coming in just for tenant one and another just for tenant two. No, all the tenants share this common electric circuit, and all the tenants share the same water pipe coming into the building. It’s much the same way with computing and networking environments where we can have a single underlying platform, like a server or a router, and have multiple tenants share those resources, even though they’re logically isolated from one another. If we look at a single tenancy example, we have maybe a server with a hypervisor running on it.
It could be something like VMware ESXi. And we have different VMs, different virtual machines running on top of that hypervisor. But all these belong to tenant number one. Let’s say that we wanted to share those resources, the server hardware and the hypervisor. We want to share those with tenants two and three. Well, that would be a multitenancy configuration where we still have the underlying server hardware. We have the hypervisor like VMware ESXi running on top of that. But then we have isolated from one another, different tenants. Tenant one has three VMs running, but on that same underlying hardware platform. Tenant two has a single VM, and tenant three has a couple of virtual machines running. Now that’s an example of a server.
We could do something similar with a router. With a router, we could use a feature called VRF, Virtual Routing and Forwarding, which allows us to have different routing tables inside of the router for different tenants. That might be used by a service provider to have a single router maintain routing tables for different customers. They’re isolated from one another, but they’re sharing the same underlying routing hardware. And the ability to share that underlying software and underlying hardware, that’s the main benefit of multitenancy.
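The VRF idea described above, as an added Python model that is not part of the original transcript: one router object keeps a separate routing table per tenant, and the ingress interface decides which table is consulted. Tenant names, interfaces, prefixes and next hops are constructed sample values; both tenants deliberately use the same 10.0.0.0/24 prefix.

```python
import ipaddress


class VrfRouter:
    """One physical router holding a separate routing table per tenant (VRF)."""

    def __init__(self):
        self._tables = {}   # VRF name -> list of (network, next_hop)
        self._ifaces = {}   # interface name -> VRF name

    def bind(self, interface, vrf):
        """Place an interface into a VRF; traffic entering it uses that table only."""
        self._ifaces[interface] = vrf
        self._tables.setdefault(vrf, [])

    def add_route(self, vrf, prefix, next_hop):
        if vrf not in self._tables:
            raise KeyError(f"unknown VRF {vrf!r}")
        self._tables[vrf].append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, in_interface, dst):
        """Longest-prefix match inside the ingress interface's VRF, or None."""
        table = self._tables[self._ifaces[in_interface]]
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in table if addr in net]
        if not matches:
            return None  # other tenants' routes are never considered
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_demo():
    """Two tenants with overlapping address space on the same router."""
    r = VrfRouter()
    r.bind("eth1", "tenant-a")
    r.bind("eth2", "tenant-b")
    r.add_route("tenant-a", "10.0.0.0/24", "tenant-a-gw")
    r.add_route("tenant-a", "10.0.0.128/25", "tenant-a-dmz")
    r.add_route("tenant-a", "172.16.0.0/16", "tenant-a-wan")
    r.add_route("tenant-b", "10.0.0.0/24", "tenant-b-gw")
    return r


if __name__ == "__main__":
    router = build_demo()
    for iface, dst in [("eth1", "10.0.0.5"), ("eth2", "10.0.0.5"),
                       ("eth1", "172.16.1.1"), ("eth2", "172.16.1.1")]:
        print(iface, dst, "->", router.lookup(iface, dst))
```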