Technical Proposal
Issue 01
Date 2015-05-19
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://enterprise.huawei.com
This document is intended to help field sales personnel or system architects (SAs) of the
virtualization solution quickly draft the technical proposal for a data center
virtualization project. Users can also copy the content they need from the complete version of
the technical proposal into this document.
This document provides reference for field product managers or SAs who use
FusionSphere 5.1 (VRM architecture) to provide the data center virtualization solution.
Delete this page before providing this document to customers.
Replace the header and footer of this document with the company name and logo of the
customer.
Replace the blue italic words and XXX in this document with actual project information
or delete them.
This document is only for reference by virtualization solution sales personnel. Customize
the document based on project requirements before you provide it to customers or
agents.
Calculate the quantity of required devices using eDesigner. This document does not
provide the calculation process. Obtain eDesigner at:
http://app.huawei.com/unistar/edesigner/solutionAction!showSolutionHome.action?groupId=1&tblHomepageInfoId=4
XXX in this document must be replaced with the specific company name of the customer.
1 Overview
1.1 Background
[Suggestion]
Describe the background of the data center virtualization project.
[Example]
Over the past few decades, informatization has experienced the terminal/host mode in the
mainframe server era, client/server (C/S) mode in the personal computer (PC) era, and the
browser/server (B/S) mode in the Internet era. In the past 20 years, the Internet united
organizations and individuals around the world and implemented resource sharing among
them, which imposed significant impacts on various service types and everyone's daily life.
In the new era, an increasing number of users make contributions to and interact actively with
one another on the Internet. Hardware and software resources are provisioned as services on
the Internet for users, allowing them to utilize IT resources easily like using electricity and
water. Such service modes impose high requirements on data center construction. However,
conventional data center construction modes and plans cannot keep up with the development of the
new era. In response, old and new technologies are gradually consolidated, matured, and
innovated upon, and cloud computing technologies have come into being. Cloud
computing is an inevitable trend, developed on the basis of existing IT technologies and
service applications.
Since the 1990s, information technologies, especially Internet technologies, have developed at a
rapid pace. New technologies and new sciences have emerged, driving
application fields towards extensive and in-depth development. Informatization has
become one of the most important driving forces for social development. As its construction
progresses, XXX informatization faces new challenges.
So far, cloud computing technologies in the XXX field have been widely used and play an
increasingly important role around the globe. With its leading technologies, the XXX field has
become one of the most important informatization fields of this new era. According to a
survey conducted by UNESCO in 2000 of 62 countries (39 developing countries and 23
developed countries), 89% of the countries had set about propelling e-Government
development and considered e-Government a state plan (e-Government is taken as an
example here).
China's e-Government development is based on the government informatization process.
Since 2000, e-Government has evolved from government online towards comprehensive e-
electricity fees, the swelling of IT assets, and the diversity of hardware devices. All these
pose a great challenge to green environments, low carbon footprint, and efficient O&M
that the IT industry is pursuing.
Weak service continuity and data security
Most XXX system applications are the basic tools with which XXX implements informatization.
After years of construction and use, XXX has accumulated a large amount of practical data
and set up a standard work flow. XXX is gradually turning to the information-based business
operation mode, and therefore imposes high requirements on uninterrupted system
running and data security.
The uninterruptible running of application systems is intensely demanded because more
and more work relies on the assistance of IT systems. Hardware and software failures,
single points of failure (SPOFs), natural disasters, or even system downtime for planned
maintenance, may adversely affect service running and data security. How to ensure
service continuity and data security is a big challenge faced by IT systems.
Complicated service deployment processes and long service rollout duration
With the business development of the XXX company, new service systems are
continuously emerging, and new servers need to be purchased. However, the server
purchase and service system deployment involve several departments, including the
planning department, procurement department, and maintenance department. The
purchase progress and procedures of these departments are different, which easily causes
a complex service deployment process and long service rollout duration.
To resolve these problems, deploy IT system infrastructure on the cloud platform. The
cloud platform-based virtualization technology can implement various functions,
including computing, storage, and network resource virtualization, resource sharing and
allocation, consolidation and scheduling of service servers, as well as centralized, policy-
based resource management. Therefore, the virtualization technology can rapidly adapt
to the ever-changing service development requirements, reduce the IT TCO, and help
focus on core services.
Therefore, the cloud platform construction is imperative.
maintenance can turn to mainstream services, thereby improving resource utilization and
helping XXX to focus on mainstream services and win the full-service competition.
Helps XXX to improve resource utilization and build a green IT system.
The cloud platform supports easy device replacement and capacity expansion, thereby
significantly increasing the resource reuse ratio, avoiding the stovepipe development
structure, and effectively implementing energy conservation and emission reduction.
Reduces IT resources and O&M costs.
The cloud platform provides an O&M platform for centralized resource management,
which helps reduce O&M costs.
Shortens the service deployment duration and improves service agility.
The cloud platform can be planned initially and then deployed on demand. This mode
simplifies data planning, lowers investment risks, allows easy capacity expansion and
reduction, and implements timely adaptation to service or IT changes.
Ensures continuity of core services through high cloud platform reliability.
The cloud platform supports the functions including high availability (HA) and live
migration to prevent service interruptions caused by SPOFs, minimize the device
downtime, and ensure core service continuity.
2.1.6 Security
Consider end-to-end security in the overall solution design and ensure secure, environment-
friendly use of resources.
a site). In a physical cluster, multiple servers can be grouped into a resource cluster (also
known as an HA-enabled resource pool) that supports VM live migration and HA
functions. One physical cluster can contain multiple resource clusters.
Cloud management
Implements centralized monitoring, alarm generation, and O&M for the cloud platform.
Security assurance
Provides end-to-end security for the cloud data center.
(Optional) Centralized data center management
Provides a centralized resource management platform for managing and monitoring
physical and virtual resources, generating alarms, and interconnecting with third-party
systems.
Service system
Runs on the cloud platform of the cloud data center. Service systems can be consolidated
on the cloud platform to implement rapid service deployment and elastic resource scaling
and therefore offer reliable and stable services.
Figure 1.3 Networking diagram for constructing the cloud platform using E9000 servers
The E9000 server is deployed in the customer's data center and connects to the uplink core
switches of the customer using 4 x 10GE ports. The network communication plane consists of
the service network and management network. These two networks are isolated by VLANs,
thereby preventing end users from damaging the basic platform.
The switching backplane of each E9000 subrack uses the CX310 switch module. Each CX310
provides 24 x 10GE optical ports. Two CX310 modules are stacked to implement data
switching and are connected to uplink aggregation devices. The E9000 server supports rapid
multi-subrack expansion. The two 2 x 10GE links serve as the trunk to cascade subracks. The
E9000 server consists of basic and extension subracks, and a maximum of six subracks can be
cascaded. Each extension subrack connects to the basic subrack over 4 x 10GE links.
VMs use the local storage resources on E9000 blades. The local storage resources connect
directly to E9000 blades over the SAS ports and are virtualized into a centralized resource
pool by the distributed storage software FusionStorage.
The internal network uses the layer 2 network architecture so that the E9000 server can be
connected to the customer network in layer 2 networking mode. In this mode, the subnet
gateway is set to the IP address of the customer's network, and the switch for E9000 server
only serves as the access switch. This mode applies to scenarios in which management and
service planes must be isolated. Users can configure different subnets to ensure secure
isolation.
Each server is equipped with two storage NICs that are not bound. Each IP SAN storage
controller is equipped with eight NICs. Two NICs are in one network segment, so there are
four storage network segments. Each physical NIC on a server is assigned two IP addresses on
different network segments. A server has IP addresses from four network segments, which
correspond to four storage network segments on IP SAN storage devices. The storage plane
provides eight logical links (with multipathing configured) and four physical links.
The IP SAN device in a cabinet employs the eight-path load balancing mode to ensure
reliability and stability of storage services. The storage services will not be interrupted
even if any one of the eight paths drops the connection.
Controller A and controller B of the IP SAN device are connected to the two S57XX
switches in the cabinet through four GE optical interfaces in layer 2 networking mode.
Each S57XX switch has two VLANs configured. Controller A and controller B use four
IP network segments to communicate with the four VLANs of the switches. The ports
connected to the IP SAN device allow traffic from two VLANs, that is, from two IP
network segments.
Multipathing software is running on the server to ensure load balancing efficiency and
reliability. Each server provides two network ports, and each network port is assigned
two VLAN IP addresses. These VLAN IP addresses each map a network segment of an
IP SAN controller.
Cinder: provides persistent block storage for running instances. Its pluggable drivers
facilitate block storage creation and management.
Nova: manages the lifecycle of computing instances in the OpenStack environment, for
example, creating instances in batches, and scheduling or stopping instances on demand.
Neutron: provides APIs for network connectivity and addressing.
VRM node: manages virtual resource pools.
Computing Node Agent (CNA) node: manages computing resources.
The Nova-compute driver enables FusionSphere OpenStack to use functions provided by
FusionCompute, including live migration, HA, distributed resource scheduling (DRS), and
CPU QoS.
The Cinder-volume driver enables FusionSphere OpenStack to interwork with any storage
devices that have been certified to be compatible with FusionCompute and to manage
FusionStorage through FusionCompute, thereby offering a cost-effective storage solution in
the large-scale cloud data center scenarios.
FusionCompute connects to Ceilometer and reports VM monitoring data to Ceilometer.
Therefore, tenants can use the monitoring and alarm reporting functions of Ceilometer and the
elastic scaling function of Heat.
FusionCompute integrates the Open vSwitch (OVS) Agent and connects to Neutron so that
FusionCompute can use the Neutron ecosystem to seamlessly integrate with third-party
network services.
By employing Nova and Cinder drivers and the Glance bypass mechanism, FusionSphere
OpenStack allows images to be stored on third-party NFS or S3 systems, thereby ensuring
high concurrency and high throughput of the image service and preventing traffic bottlenecks
of the Glance service. In addition, FusionCompute supports interconnection with native
Glance to provide the image service.
The Cloud Provisioning Service (CPS) provides basic services, including bare device
installation and OpenStack software deployment. A graphical user interface (GUI) is
provided, simplifying OpenStack deployment and configuration.
Performance monitoring
− Monitors performance of hosts and VMs.
− Monitors the CPU, memory, and storage usages of hosts and VMs.
Report
− Provides real-time and historical monitoring reports of hosts and VMs.
− Allows users to query reports generated at specified periods of time, for example,
daily, weekly, or monthly reports.
Server monitoring information includes:
− Alarm statistics
− CPU usage
− Memory usage
− Inbound and outbound network traffic rates
− Disk I/O and disk usage
Storage device monitoring information includes:
− Alarm statistics
− Mounting status
− Total size
− Allocated size and available size
Network monitoring information includes:
− Inbound and outbound network traffic rates
− Port status
− Port traffic
VM monitoring information includes:
− VM status
− CPU usage
− Memory usage
− Inbound and outbound network traffic rates
− Disk I/O and disk usage
Open APIs
FusionSphere provides open APIs for external systems to obtain alarm data.
− Alarm query interfaces (HTTP REST):
Querying the alarm list and alarm status
Querying alarm resources
− Alarm subscription interfaces (HTTP REST)
− Alarm reporting interfaces (SNMP)
The FusionSphere system uses the bare-metal architecture to virtualize server computing
resources. One server can be virtualized into multiple isolated virtual servers, thereby
improving server resource utilization and simplifying system management.
The FusionSphere system supports VM affinity, which places multiple VMs on the same or on
different servers according to configured rules, for example to keep mutually dependent VMs
together or to separate active and standby VMs, at a cost-effective level of resource usage.
Location Affinity
− Keep VMs together: VMs that are added to this rule must run on the same host. One
VM can be added to only one Keep VMs together rule.
− Mutually exclusive: VMs that are added to this rule must run on different hosts. One
VM can be added to only one Mutually exclusive rule.
− VMs to hosts: This rule associates a VM group with a host group so that VMs in the
VM group can be only deployed on and migrated to hosts in the host group.
Capability Affinity: Non-uniform memory access (NUMA) nodes are introduced in
physical servers to improve the memory access efficiency of CPUs. The CPUs and
memory resources used by VMs (guests) are grouped into NUMA nodes based on the
memory access efficiencies of the CPUs. A CPU can achieve its maximum memory
access efficiency when accessing memory within its own NUMA node. When a VM is
created, FusionSphere preferably allocates CPU and memory resources required by this
VM on one NUMA node, thereby reducing memory access latency and improving
memory performance.
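The three location-affinity rule types above (keep VMs together, mutually exclusive, VMs to hosts) are constraints that a placement can silently violate after a failed or manual migration. The following is an added example, not FusionSphere code: it models the rules and checks a VM-to-host placement against them, including the "one VM per rule" membership restriction. Rule classes, VM names and host names are assumptions of this example.

```python
"""Validate a VM placement against FusionSphere-style affinity rules.

Added example (not product code): it models the three location-affinity rules
described above. Rule classes, VM and host names are assumptions of this
example; VM placement is given as a plain {vm: host} mapping.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class KeepTogether:
    """VMs in this rule must run on the same host."""
    vms: Set[str]


@dataclass
class MutuallyExclusive:
    """VMs in this rule must run on different hosts (e.g. an active/standby pair)."""
    vms: Set[str]


@dataclass
class VmsToHosts:
    """VMs in the VM group may only run on hosts in the host group."""
    vms: Set[str]
    hosts: Set[str]


def check_rule_membership(rules) -> List[str]:
    """A VM may belong to at most one KeepTogether and one MutuallyExclusive rule."""
    findings = []
    seen = {KeepTogether: set(), MutuallyExclusive: set()}
    for rule in rules:
        kind = type(rule)
        if kind not in seen:
            continue
        overlap = seen[kind] & rule.vms
        if overlap:
            findings.append(f"{kind.__name__}: VMs in more than one rule: {sorted(overlap)}")
        seen[kind] |= rule.vms
    return findings


def check_placement(placement: Dict[str, str], rules) -> List[str]:
    """Return one finding per violated rule for the placement {vm: host}."""
    findings = []
    for rule in rules:
        # VMs that are not placed (e.g. powered off) cannot violate anything.
        placed = {vm: placement[vm] for vm in rule.vms if vm in placement}
        hosts = list(placed.values())
        if isinstance(rule, KeepTogether) and len(set(hosts)) > 1:
            findings.append(f"KeepTogether {sorted(rule.vms)} spread over {sorted(set(hosts))}")
        elif isinstance(rule, MutuallyExclusive) and len(set(hosts)) < len(hosts):
            findings.append(f"MutuallyExclusive {sorted(rule.vms)} share a host")
        elif isinstance(rule, VmsToHosts):
            outside = {vm: h for vm, h in placed.items() if h not in rule.hosts}
            if outside:
                findings.append(f"VmsToHosts: {outside} outside host group {sorted(rule.hosts)}")
    return findings


# Constructed sample: an application VM pinned next to its database, an
# active/standby database pair that must never share a host, and the
# database VMs restricted to the two hosts that carry the licensed storage.
RULES = [
    KeepTogether({"app-1", "db-1"}),
    MutuallyExclusive({"db-1", "db-2"}),
    VmsToHosts({"db-1", "db-2"}, {"host-a", "host-b"}),
]
GOOD_PLACEMENT = {"app-1": "host-a", "db-1": "host-a", "db-2": "host-b"}
# After a failed migration: app-1 drifted to host-c and both databases landed on host-a.
BAD_PLACEMENT = {"app-1": "host-c", "db-1": "host-a", "db-2": "host-a"}

if __name__ == "__main__":
    for name, placement in (("good", GOOD_PLACEMENT), ("bad", BAD_PLACEMENT)):
        print(name, check_placement(placement, RULES) or "no violations")
```

Running the check periodically against the real placement (or before approving a manual migration) catches the case the page warns about: an active/standby pair that ends up on one host loses its protection against a single server failure without any alarm being raised.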
VM Resource Management
Users can create VMs using a VM template or in a custom way, and manage clustered
resources, including automatic resource scheduling, VM management (such as creating,
deleting, starting, stopping, restarting, hibernating, and waking up a VM), storage resource
management (such as common disk and shared disk management), and VM security
management.
The FusionSphere system also supports VM live migration and VM HA.
FusionSphere allows users to adjust the number of virtual CPUs (vCPUs), memory size,
NICs, and volume attaching and detaching status.
Network Virtualization
The FusionSphere system supports the following features for network virtualization:
Network bandwidth control, ensuring network QoS
Distributed virtual switch (DVS)
Single-root I/O virtualization (SR-IOV), improving network processing performance
Interconnection with the OpenStack Neutron network
Storage Virtualization
The FusionSphere system supports Huawei distributed storage software FusionStorage as well
as disk arrays, such as fibre channel storage area network (FC SAN) and IP SAN storage.
A private cloud is entirely isolated from all VMs that are not hosted by this private cloud. An
enterprise can apply for VPCs on the public cloud platform and use independent IP addresses
and subnets in its VPCs. Furthermore, the enterprise can use the access control list (ACL)
rules of physical firewalls to implement isolation between subnets in a VPC and between
subnets and external networks.
Users can apply for a security group based on VM security requirements and configure access
rules for the security group. After a VM is added to the security group, the VM is subject to
these rules. Security groups implement secure isolation and access control for VMs, thereby
improving VM security.
An elastic IP address allows users to use a fixed public IP address to access the VM to which
the public IP address is mapped.
Multi-Data-Center Management
If an enterprise or carrier has multiple data centers scattered in different regions, the
OpenStack cascading technology helps implement centralized management and maintenance
of multiple data centers.
Allocatable server computing capability = SPEC value x CPU usage x (1 – Number of hyperthreads
consumed by UVP/Total number of hyperthreads) = 775 x 70% x [1 – 2/(4 x 8 x 2)] = 525
The number of hyperthreads consumed by the underlying hypervisor (UVP) is 2. The CPU usage is from
50% to 70%.
When calculating the actual number of servers, take redundancy into consideration. You must reserve at
least one redundant server for each cluster to support the VM HA feature.
If 8 GB memory modules are used, the number of memory modules of each server can be
calculated as follows:
Number of memory modules of a server = (Total memory size/Number of servers + 8 GB)/8
GB = (987 GB/7 servers + 8 GB for virtualization consumption)/8 = 19 memory modules
Configuring an even number of memory modules is recommended. Make sure that the memory
usage is no more than 80%.
To ensure VM reliability on the cloud platform and enable smooth VM migration in the event
of server failures, reserve 20% (configurable based on the specific project) CPU and memory
resources on the computing servers during system deployment.
Based on the preceding principles, the number of computing resources required by the system
can be calculated as follows:
Number of vCPUs: 322 x 120% = 387
Memory size: 856 GB x 120% = 1028 GB
Based on server models (four 8-cores) and the 30% redundancy requirement, the number of
required servers can be calculated as follows:
Number of servers = Number of vCPUs/(Number of CPUs x Number of CPU cores x 2 – 2) =
387/(4 x 8 x 2 – 2) = 7 (Roundup)
If 8 GB memory modules are used, the number of memory modules of each server can be
calculated as follows:
Number of memory modules of a server = (Total memory size/Number of servers + 8 GB)/8
GB = (1028 GB/7 servers + 8 GB for virtualization consumption)/8 = 20 memory modules
Table 7.2 lists the number of required servers.
1 RH2288H V2 4 XXX
2 XXX XXX XXX
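The sizing formulas in this section (allocatable capability, the 20% reserve, server count, memory modules per server) are easy to get subtly wrong, in particular the rounding and the 80% memory-usage ceiling. The following is an added example, not eDesigner output or the original document's code: it reproduces the formulas with the page's own worked numbers as inputs. Function names, the ha_spares parameter and the usage check are assumptions of this example.

```python
"""Server sizing formulas from this section, worked through in code.

Added example, not from eDesigner or the original document: it reproduces the
formulas above with the page's own worked numbers as inputs. Function names,
the ha_spares parameter and the 80% usage check are assumptions of this example.
"""
import math


def allocatable_capability(spec_value, cpu_usage, cpus, cores_per_cpu,
                           threads_per_core=2, uvp_threads=2):
    """SPEC value x CPU usage x (1 - hyperthreads used by UVP / total hyperthreads)."""
    total_threads = cpus * cores_per_cpu * threads_per_core
    return spec_value * cpu_usage * (1 - uvp_threads / total_threads)


def with_reserve(demand, reserve=0.20):
    """Add the reserve kept free for HA migration (20% by default), rounded up."""
    return math.ceil(demand * (1 + reserve))


def servers_required(vcpus, cpus, cores_per_cpu, threads_per_core=2,
                     uvp_threads=2, ha_spares=0):
    """Servers = vCPUs / (CPUs x cores x 2 - 2), rounded up, plus HA spares per cluster."""
    usable_threads = cpus * cores_per_cpu * threads_per_core - uvp_threads
    return math.ceil(vcpus / usable_threads) + ha_spares


def memory_modules_per_server(total_memory_gb, servers, module_gb=8,
                              virtualization_gb=8, even=False):
    """(Total memory / servers + virtualization consumption) / module size, rounded up."""
    modules = math.ceil((total_memory_gb / servers + virtualization_gb) / module_gb)
    if even and modules % 2:          # the document recommends an even module count
        modules += 1
    return modules


def memory_usage(demand_gb, servers, modules, module_gb=8):
    """Share of installed memory that the raw demand (before the 20% reserve) uses."""
    return demand_gb / (servers * modules * module_gb)


if __name__ == "__main__":
    print("allocatable capability:", int(allocatable_capability(775, 0.70, 4, 8)))
    vcpus = with_reserve(322)                          # 387
    mem = with_reserve(856)                            # 1028 GB
    servers = servers_required(vcpus, 4, 8)            # 7
    modules = memory_modules_per_server(mem, servers)  # 20
    print(vcpus, mem, servers, modules, f"usage {memory_usage(856, servers, modules):.1%}")
```

With the page's numbers the 20 modules per server put the raw 856 GB demand at about 76% of installed memory; with 19 modules it would be just over 80%, so the even-number recommendation and the usage ceiling are not independent of each other here. Add the HA spare (ha_spares=1) per cluster on top of the rounded-up count, as the text requires.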
Storage interface layer: provides volumes for operating systems (OSs) and databases over the
Small Computer System Interface (SCSI).
Storage service layer: provides various advanced storage features, such as snapshots, linked
cloning, thin provisioning, distributed cache, and backup and DR.
Storage engine layer: provides basic storage functions, including management status control,
distributed data routing, strong-consistency replication, cluster self-recovery, and parallel data
rebuilding.
Storage management layer: provides the O&M functions, including software installation,
automatic configuration, online upgrade, alarm reporting, monitoring, and logging, and also
provides a portal for user operations.
Huawei distributed cloud data center solution uses the FusionStorage system. FusionStorage
employs the new-generation distributed storage architecture and parallel, distributed grid
storage technologies. The horizontally scalable architecture and distributed multiple-node grid
implement storage load balancing. Fine-grained data distribution algorithms are used to
ensure constantly even data distribution. FusionStorage improves system reliability,
availability, and data storage and retrieval efficiency. In addition, the capacity of
FusionStorage can be easily expanded. Simply speaking, FusionStorage can be deployed on
common servers to consolidate local disks on all servers into a virtual storage resource pool.
Volumes are fragmented and distributed to all hard disks of the resource pool, thereby
achieving fine-grained, high-concurrency data storage and retrieval.
Figure 1.9 shows the principles of the FusionStorage distributed storage resource pool.
Storage Arrays
//(Delete this sentence before delivering this document to the customer.) If FusionStorage is
used, delete this section.
Storage arrays consist of IP SAN and FC SAN arrays. FC SAN is a closed network based on
traffic control, and therefore it has higher traffic transmission efficiency than IP SAN. This
project uses FC SAN storage to ensure high storage performance and reliability.
SAS, SATA, and NL SAS are the three mainstream disks in the industry. SAS disks are
typically recommended for carrying services.
RAID 5, RAID 6, and RAID 10 are the commonly used RAID levels. Among them, RAID
5 is typically used for service systems, whereas RAID 10 is typically used for databases.
Table 9.1 describes the example storage planning for this project.
Service system | High-end FC SAN storage | 900 GB SAS disks with a revolutions per minute (RPM) of 10,000 | RAID 5 (for service systems) and RAID 10 (for databases)
XXX | XXX | XXX | XXX
Each storage node is equipped with 14 hard disks. Two 2.5-inch 600 GB SAS disks are grouped
into a RAID 1 array for installing the virtualization software, and the remaining 12 hard disks are
virtualized by FusionStorage to provide virtual disks for service VMs.
Storage Arrays
Table 9.3 describes the example configuration of storage arrays.
S5300 V3 4 XXX
XXX XXX XXX
3.5.1 OpenStack HA
OpenStack reliability is determined by the reliability of services provided by OpenStack,
including:
Representational State Transfer (REST) API service reliability, which provides
continuous API services for users.
Database service reliability, ensuring user configuration data integrity and service
continuity.
Communication service reliability, ensuring uninterrupted interaction between
components.
The cloud data center framework ensures the system security in the following aspects:
Physical security
Only authorized personnel can enter the cloud data center equipment room. Monitoring
devices are installed in the equipment room, facilitating after-the-event auditing.
Basic security
Plenty of generic software, including OSs, databases, and web applications, is used in a
cloud computing environment. This makes the system prone to viruses, vulnerabilities,
Trojan horses, or denial of service (DoS) attacks. Huawei FusionSphere uses system
hardening, antivirus services, and security patches to protect the system against the
attacks, thereby ensuring basic security.
Virtualization security
Cloud computing not only provides resource sharing but also brings new risks and
threats. To address these risks and threats, the virtualization layer of FusionSphere
separates hosts from VMs and separates the VMs deployed for different departments
or companies, which ensures VM security. In addition, to prevent attacks initiated by
VMs within a cloud, deploy host-based virtual firewalls, intrusion detection systems
(IDSs), or intrusion prevention systems (IPSs), instead of traditional firewalls or IDS
devices at the network egress.
Network security
The data center network is exposed to various security risks, such as DoS attacks,
eavesdropping, and tampering with user data. Huawei FusionSphere ensures network
security using multiple methods, including network isolation, attack defense, and
transmission security assurance.
By subnet division and network isolation, the data center network is divided into the
computing, storage, management, and access domains. These domains are isolated from
each other, and the management plane uses an isolated physical network. This prevents
network problems, such as network storms, from being spread all over the network.
With VPCs configured, each department in the cloud data center has independent
VLANs, which correspond to independent virtual firewalls. The cloud data center
ensures secure seamless access to enterprise or department data and applications from
the enterprise or department intranet using the virtual private network (VPN) or
private network. In addition, employees on business trips can access data and
applications of their enterprises or departments in the cloud data center.
Figure 1.12 illustrates cloud network isolation using security groups.
The cloud data center provides network security groups (virtual firewalls) to ensure
security between VMs, including VMs on one physical host. Users can apply for
security groups on the portal and define ACL rules for each security group, for
example, open a specific network service or port, allow an external IP address to
access a VM port, and authorize the access between security groups. One security
group can have multiple ACL rules.
− The internal communication plane is divided into the service plane, storage plane,
and management plane. These planes are isolated from each other using VLANs.
Deploy firewalls between these planes if they need to communicate.
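The security groups described above are per-VM ACL rule sets that open a specific service or port, allow an external address range, or authorize traffic between two groups, with everything else denied. The following is an added example, not the product's configuration format or code: it models that evaluation with a default-deny policy and adds the check a reviewer of a tenant's rules wants, namely which rules open an administrative port to every address. Group names, rule fields and addresses are constructed for this example.

```python
"""Evaluate security-group ACL rules against sample traffic.

Added example, not the product's configuration format: it models the
security-group behaviour described above (rules that open a service port,
allow an external address range, or authorize traffic between two groups)
with a default-deny policy, plus a check for over-permissive rules.
Group names, rule fields and addresses are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Rule:
    direction: str                      # "ingress" or "egress"
    protocol: str                       # "tcp", "udp", "icmp" or "any"
    port_min: int = 0
    port_max: int = 65535
    remote_cidr: Optional[str] = None   # remote side as an address range ...
    remote_group: Optional[str] = None  # ... or as the members of another group


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    port: int
    remote_ip: str


class SecurityGroups:
    def __init__(self):
        self.rules: Dict[str, List[Rule]] = {}
        self.members: Dict[str, Set[str]] = {}

    def add_rule(self, group: str, rule: Rule) -> None:
        self.rules.setdefault(group, []).append(rule)

    def add_member(self, group: str, vm_ip: str) -> None:
        self.members.setdefault(group, set()).add(vm_ip)

    def _matches(self, rule: Rule, pkt: Packet) -> bool:
        if rule.direction != pkt.direction:
            return False
        if rule.protocol not in ("any", pkt.protocol):
            return False
        if pkt.protocol != "icmp" and not rule.port_min <= pkt.port <= rule.port_max:
            return False
        if rule.remote_cidr is not None:
            net = ipaddress.ip_network(rule.remote_cidr, strict=False)
            return ipaddress.ip_address(pkt.remote_ip) in net
        if rule.remote_group is not None:
            return pkt.remote_ip in self.members.get(rule.remote_group, set())
        return False  # a rule without a remote side matches nothing

    def allowed(self, group: str, pkt: Packet) -> bool:
        """Default deny: traffic passes only if some rule of the VM's group matches it."""
        return any(self._matches(r, pkt) for r in self.rules.get(group, []))

    def exposed_admin_ports(self, group: str, admin_ports=(22, 3389)) -> List[Rule]:
        """Ingress rules that open an administrative port to every address."""
        found = []
        for r in self.rules.get(group, []):
            if r.direction != "ingress" or r.remote_cidr is None:
                continue
            net = ipaddress.ip_network(r.remote_cidr, strict=False)
            if net.prefixlen == 0 and any(r.port_min <= p <= r.port_max for p in admin_ports):
                found.append(r)
        return found


def build_sample() -> SecurityGroups:
    """Constructed two-tier layout: web VMs reachable on 443, databases only from web VMs."""
    sg = SecurityGroups()
    sg.add_member("web", "192.168.1.10")
    sg.add_member("db", "192.168.2.10")
    sg.add_rule("web", Rule("ingress", "tcp", 443, 443, remote_cidr="0.0.0.0/0"))
    sg.add_rule("web", Rule("ingress", "tcp", 22, 22, remote_cidr="10.0.0.0/24"))  # admin subnet only
    sg.add_rule("web", Rule("egress", "any", remote_cidr="0.0.0.0/0"))
    sg.add_rule("db", Rule("ingress", "tcp", 3306, 3306, remote_group="web"))
    return sg
```

The remote-group form is what keeps the database tier reachable from web VMs even when those VMs are recreated with new addresses, while an address-range rule would have to be edited each time; the exposed_admin_ports check is the review a tenant's rule set should pass before the VMs are attached to it.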
Figure 1.13 illustrates the security domain division of the cloud data center.
The FusionSphere solution is an integrated security solution that uses the private
network or IPsec VPN to interconnect the enterprise intranet with the data and
applications of the enterprise in the cloud data center. The enterprise can plan internal
IP addresses for the enterprise data and applications in the cloud computing center as
required. Therefore, users on the enterprise intranet can access the enterprise data and
applications in the cloud data center just like accessing the intranet. In addition,
employees on business trips can access the cloud data center over flexible Secure
Sockets Layer (SSL) VPN connections to implement mobile working.
− (Optional) A demilitarized zone (DMZ) is created for intranet isolation.
A DMZ is a buffer area between an insecure network and a secure network, located in
the small network between the internal network and external network of the data
center. Servers that must be open to the Internet, such as web servers, File Transfer
Protocol (FTP) servers, and forums, are placed in the DMZ. Because only the DMZ is
exposed to external access, the internal networks behind it are protected from direct
external access.
− Network planes are isolated to ensure data security.
The network communication plane of FusionSphere OpenStack can be divided into
the management network, tenant network, and storage network. These networks are
isolated by VLANs, and tenant networks are isolated by Virtual eXtensible LANs
(VXLANs). The network isolation mechanism ensures that operations performed on
the management platform do not interrupt service running and prevents end users'
operations from adversely affecting basic platform management.
Tenant network
A tenant network provides a channel for users to obtain services, for VMs to
communicate with each other, and for external applications to interact with the
FusionSphere system.
A tenant can have multiple tenant networks. VMs of the tenant can connect to
the tenant networks to communicate with one another.
Storage network
A storage network provides a channel for block storage devices to communicate
and provides storage resources for VMs through the virtualization platform,
instead of communicating directly with VMs.
Management network
A management network provides such functions as system management, service
deployment, and system loading.
Border protection
Huawei FusionSphere uses high-performance firewalls to protect the system against
scanning attacks, malformed packet attacks, resource exhaustion attacks, and special
packet control attacks.
The firewall enables the Network Address Translation (NAT) function to hide internal
networks, isolates services using security zones, uses ACL rules and connection status
check to ensure legitimate data communication, and employs the IPS to prevent intrusion
towards the application layer. The firewall implements strict ACL rules for the cloud
platform. A physical firewall can be virtualized into multiple logically independent
firewalls, each of which provides independent security policies to protect services of
specific users.
The built-in IPS module of a firewall can configure specific defense policies based on
the destination IP addresses of packets to protect service traffic in the specified IP
address segments from being attacked.
Huawei FusionSphere implements the differentiated anti-DDoS function to allow
customization and management of attack defense policies for large-scale enterprises. The
defense type, protected IP address, HTTP port number, and check thresholds all can be
customized based on customer requirements.
The SSL VPN gateway can be virtualized into multiple virtual gateways to isolate
enterprise users and allow IP address overlapping.
Security setting
This solution implements security settings for host OSs according to the Linux OS
security benchmark of the Center for Internet Security (CIS). For example, insecure
services are disabled, password strength policies are configured, and permission for files
and directories is properly configured.
Security patch management
Huawei provides a strict process for managing security patches and regularly releases
tested OS patch packages on the Huawei support website. O&M personnel can regularly
download and install OS patches.
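The "Security setting" item above lists the kinds of host OS hardening applied (insecure services disabled, password strength policies, file and directory permissions). The following is an added example, not Huawei's hardening script: it shows how such settings are checked, against constructed inputs so it runs offline. The thresholds and the insecure-service list are illustrative assumptions, not quoted from the CIS benchmark.

```python
"""Host OS hardening checks of the kind described under "Security setting".

Added example, not Huawei's hardening script: it inspects constructed inputs
(a /etc/login.defs fragment, a list of enabled services, file modes) so it
runs offline. The thresholds and the insecure-service list are illustrative
assumptions, not quoted from the CIS benchmark.
"""
from typing import Dict, Iterable, List

# Constructed sample of /etc/login.defs on an unhardened host.
SAMPLE_LOGIN_DEFS = """\
# constructed example, not a real host
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
"""

# Password-ageing requirements as (comparison, threshold): assumed values.
PASSWORD_POLICY = {
    "PASS_MAX_DAYS": ("<=", 90),
    "PASS_MIN_DAYS": (">=", 7),
    "PASS_MIN_LEN": (">=", 14),
    "PASS_WARN_AGE": (">=", 7),
}

# Cleartext or legacy services that hardening normally disables (assumed list).
INSECURE_SERVICES = {"telnet", "rsh", "rlogin", "rexec", "tftp", "ftp"}

# Maximum permitted mode per sensitive file (assumed values).
FILE_MODE_LIMITS = {"/etc/passwd": 0o644, "/etc/shadow": 0o000, "/etc/ssh/sshd_config": 0o600}


def parse_login_defs(text: str) -> Dict[str, int]:
    """Return KEY -> integer value, ignoring comments and non-numeric entries."""
    values = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            values[parts[0]] = int(parts[1])
    return values


def check_password_policy(text: str) -> List[str]:
    """One finding per setting that is missing or outside the policy."""
    values = parse_login_defs(text)
    findings = []
    for key, (op, threshold) in PASSWORD_POLICY.items():
        if key not in values:
            findings.append(f"{key} not set (expected {op} {threshold})")
            continue
        ok = values[key] <= threshold if op == "<=" else values[key] >= threshold
        if not ok:
            findings.append(f"{key}={values[key]} violates {op} {threshold}")
    return findings


def check_services(enabled: Iterable[str]) -> List[str]:
    """Enabled services that hardening should have disabled."""
    return sorted(set(enabled) & INSECURE_SERVICES)


def check_file_modes(modes: Dict[str, int]) -> List[str]:
    """Files whose mode grants permission bits beyond the permitted maximum."""
    return sorted(path for path, mode in modes.items()
                  if path in FILE_MODE_LIMITS and mode & ~FILE_MODE_LIMITS[path])


if __name__ == "__main__":
    print(check_password_policy(SAMPLE_LOGIN_DEFS))
    print(check_services(["sshd", "crond", "telnet"]))
    print(check_file_modes({"/etc/passwd": 0o644, "/etc/shadow": 0o644,
                            "/etc/ssh/sshd_config": 0o600}))
```

The file-mode check tests for extra bits rather than an exact mode, so a file that is stricter than the limit (for example /etc/shadow with mode 000 on a system where the limit is 640) does not produce a false finding; a missing setting is reported as well, because an absent PASS_MAX_DAYS silently means "never expires".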
The storage system computes bit- or byte-level check data (parity) for stored data and
distributes it evenly across the disks of a disk array, so that the user data blocks of a
stripe and their parity are always stored on different disks. If a data disk fails, the
system rebuilds its contents from the other data blocks in the same stripe together with
the parity information.
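The following is an added worked example of the rotating-parity scheme described above; it is illustrative code, not the storage firmware's own logic. The number of disks, the chunk size, and the sample data are assumptions.

```python
"""Rotating-parity disk array (added example, not code from the proposal). It shows
what the paragraph above describes: user data is striped across the disks, the
XOR parity of each stripe is placed on a different disk in rotation, and a failed
disk is rebuilt from the surviving members of each stripe. Disk count, chunk size
and the sample data are assumptions."""
from functools import reduce
from operator import xor

CHUNK = 4  # assumed chunk (strip) size in bytes


def xor_chunks(chunks):
    """Byte-wise XOR of equal-length chunks."""
    return bytes(reduce(xor, column) for column in zip(*chunks))


def write_array(data, ndisks):
    """Stripe data over ndisks-1 data chunks per stripe plus one rotating parity chunk.
    Returns (disks, length): disks[d][s] is the chunk held by disk d in stripe s."""
    per_stripe = (ndisks - 1) * CHUNK
    padded = data + b"\0" * (-len(data) % per_stripe)
    disks = [[] for _ in range(ndisks)]
    for s in range(len(padded) // per_stripe):
        stripe = padded[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i:i + CHUNK] for i in range(0, per_stripe, CHUNK)]
        parity_disk = s % ndisks  # rotate the parity position across disks
        data_iter = iter(chunks)
        for d in range(ndisks):
            disks[d].append(xor_chunks(chunks) if d == parity_disk else next(data_iter))
    return disks, len(data)


def read_array(disks, length):
    """Reassemble user data, skipping each stripe's parity chunk."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = s % ndisks
        for d in range(ndisks):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out[:length])


def rebuild_disk(disks, failed):
    """Recompute every chunk of the failed disk by XORing the surviving members of its stripe.
    Works whether the lost chunk held data or parity, because XOR of all members is zero."""
    others = [d for d in range(len(disks)) if d != failed]
    nstripes = len(disks[others[0]])
    disks[failed] = [xor_chunks([disks[d][s] for d in others]) for s in range(nstripes)]
    return disks[failed]


if __name__ == "__main__":
    # Constructed sample payload, not real user data.
    message = b"user data and parity live on different disks"
    disks, length = write_array(message, 4)
    disks[2] = None            # simulate losing disk 2 entirely
    rebuild_disk(disks, 2)     # rebuild it from the other three
    print(read_array(disks, length) == message)
```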
SAN coffer technology
SAN coffer technology protects the integrity of data held in the storage cache when the
SAN devices lose power unexpectedly.
Reserved areas on several hard disks (the data coffers) are dedicated to holding cached
data and system configuration data that has not yet been written to its normal location
on disk when the power fails. During the outage, internal batteries or an external
Uninterruptible Power Supply (UPS) keep the controller running long enough to flush the
cache to the coffers. After power is restored, the data in the coffers is read back into
the cache and written out normally.
− Operation logs
Operation logs record the detailed information about management and maintenance
operations performed by O&M personnel. The information, including the username,
operation type, client IP address, operation time, and operation result, is used by
auditing personnel to periodically check for inappropriate or malicious operations.
The operation logs can be used as operation evidence to address disputes.
− Run logs
Run logs record the running status of each node in the system and are written at
configurable log levels.
Run log information includes the log level, thread name, and running information. By
viewing run logs, O&M personnel can learn and analyze the running status of the
system to detect and handle exceptions in a timely manner.
− Black box logs
Black box logs record information about severe system faults and are used to locate
and handle faults. The system transfers black box logs generated for computing nodes
to the log server, and saves black box logs generated for management nodes and
storage nodes in local directories.
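The periodic audit of operation logs described above can be partly automated. The script below is an added example, not part of the proposal or of FusionSphere; it runs three checks a reviewer would typically apply (bursts of failed operations from one client, privileged operations outside a maintenance window, and activity by unknown accounts or from outside the management network). The line format, account list, management subnet, privileged operation names, maintenance window, and sample log lines are all assumptions constructed for the demonstration.

```python
"""Audit of operation logs (added example, not code from the proposal). The
proposal states that operation logs carry the username, operation type, client IP
address, time and result and are reviewed for inappropriate or malicious
operations; this script encodes three such reviews over constructed sample lines.
Format, accounts, subnet, privileged operations and the window are assumptions."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an assumed format: user|operation|client_ip|time|result
SAMPLE_LOG = """\
admin|login|10.0.0.5|2015-05-19 02:14:30|success
admin|delete_vm|10.0.0.5|2015-05-19 02:15:02|success
ops1|login|10.0.0.9|2015-05-19 09:10:00|failure
ops1|login|10.0.0.9|2015-05-19 09:10:03|failure
ops1|login|10.0.0.9|2015-05-19 09:10:05|failure
ops1|login|10.0.0.9|2015-05-19 09:10:08|failure
ops1|login|10.0.0.9|2015-05-19 09:10:12|success
ops1|create_vm|10.0.0.9|2015-05-19 09:12:40|success
guest7|modify_acl|172.16.4.2|2015-05-19 11:30:00|success
"""

AUTHORIZED_USERS = {"admin", "ops1", "ops2"}            # assumed O&M accounts
MGMT_NETWORK = ipaddress.ip_network("10.0.0.0/24")     # assumed management subnet
PRIVILEGED_OPS = {"delete_vm", "modify_acl", "modify_user", "delete_volume"}
MAINTENANCE_WINDOW = (8, 18)                           # assumed, local hours [start, end)


def parse_log(text):
    """Turn log lines into dicts; malformed lines are skipped rather than trusted."""
    entries = []
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) != 5:
            continue
        user, op, ip, ts, result = fields
        entries.append({
            "user": user, "op": op, "ip": ip, "result": result,
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        })
    return entries


def find_failure_bursts(entries, threshold=3, window=timedelta(seconds=60)):
    """Flag threshold or more failed operations by one (user, ip) inside the window."""
    failures = defaultdict(list)
    for e in entries:
        if e["result"] == "failure":
            failures[(e["user"], e["ip"])].append(e["time"])
    findings = []
    for (user, ip), times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                findings.append(f"{threshold}+ failed operations by {user} from {ip} "
                                f"within {int(window.total_seconds())}s")
                break
    return findings


def find_off_hours_privileged(entries, window=MAINTENANCE_WINDOW):
    """Flag privileged operations performed outside the maintenance window."""
    start, end = window
    return [f"privileged {e['op']} by {e['user']} at {e['time']:%H:%M} outside maintenance window"
            for e in entries
            if e["op"] in PRIVILEGED_OPS and not start <= e["time"].hour < end]


def find_unauthorized(entries):
    """Flag unknown accounts and clients outside the management network."""
    findings = []
    for e in entries:
        if e["user"] not in AUTHORIZED_USERS:
            findings.append(f"unknown account {e['user']} performed {e['op']}")
        if ipaddress.ip_address(e["ip"]) not in MGMT_NETWORK:
            findings.append(f"{e['op']} by {e['user']} from non-management address {e['ip']}")
    return findings


def audit_operations(text):
    """Run all three reviews over a log text and return the combined findings."""
    entries = parse_log(text)
    return (find_failure_bursts(entries)
            + find_off_hours_privileged(entries)
            + find_unauthorized(entries))


if __name__ == "__main__":
    for finding in audit_operations(SAMPLE_LOG):
        print("ALERT:", finding)
```

On the constructed sample the script reports the login burst by ops1, the delete_vm by admin at 02:15, and both the unknown account guest7 and its non-management source address. Thresholds and the window are the parameters an auditor would tune for a real deployment.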
The eBackup VM backup plan uses Huawei eBackup backup servers, the FusionCompute
snapshot function, and the Changed Block Tracking (CBT) function to back up VM data. By
collaborating with FusionCompute, the eBackup software backs up data of a specified VM or
a VM volume based on the configured backup policies. If a VM becomes faulty or its data is
lost, the VM can be restored using the backup data. The data can be backed up to an external
SAN or NAS storage device.
The eBackup VM backup plan delivers the following characteristics:
No agent software needs to be installed inside the guest OS of the VM to be backed up.
VM data can be backed up regardless of whether the VM is in the running or stopped
state.
Backup and restoration can be performed for VMs using different storage resources, such
as FusionStorage or virtualized storage resources.
VM data can be backed up to various storage devices, including external SAN or NAS
storage devices connected to the backup server.
The eBackup backup plan provides application-consistent backup and recovery by
leveraging Microsoft's Windows Volume Shadow Copy Service (VSS). VSS provides a
consistent interface that coordinates applications that update data on disk with the
backup software, so that the captured data is in a consistent state.
Multiple backup modes are supported, including full backup, incremental backup, and
batch backup.
− A full backup copies only the valid (allocated) data on the VM disks; unallocated
blocks are skipped.
− Incremental backup backs up only the data blocks that have been changed since the
last backup. Therefore, less data needs to be backed up, reducing VM backup costs
and minimizing the backup window.
Backup data can be used to restore entire VMs or individual VM disks to the original VM
or to a specified VM, one at a time or in batches. When restoring to a new VM, the target
VM must be created on FusionCompute; otherwise the restoration fails. A VM created
through FusionManager or the desktop cloud cannot be restored from backup data.
Multiple VM restoration modes are supported, including VM image-based restoration,
incremental data-based restoration, and fine-grained file-level OS restoration.
− When a VM image is used to restore a VM, the data to be restored is all data in a full
backup.
− Incremental VM data can only be used to restore VMs that use virtualized storage
resources. When the incremental backup data is used to restore the original VM, the
CBT function is used and only data blocks changed since the last backup need to be
restored, thereby implementing quick restoration.
− Fine-grained file-level restoration restores only selected files or directories on a
disk instead of the entire disk. Because far less data is copied, it is the fastest
restoration mode when only individual files are needed.
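The following is an added worked example, not eBackup's own code, that models the backup modes and restoration modes listed above: a full backup copies only allocated blocks, an incremental backup uses a changed-block bitmap to copy only what changed since the previous backup, a full restore replays the chain in order and refuses a chain with a missing link, and a fine-grained restore pulls selected blocks from the newest backup that holds them. The block size, the chain-id scheme, and the sample disk contents are assumptions.

```python
"""Changed Block Tracking backup and restore (added example, not eBackup's code).
A full backup copies only allocated blocks, an incremental backup copies only the
blocks written since the previous backup, and restoration replays the full backup
and its incrementals in order. Block size, chain ids and the sample disk contents
are assumptions."""
import hashlib

BLOCK_SIZE = 4  # assumed, tiny so the example stays readable


class VirtualDisk:
    """A VM disk as fixed-size blocks; None marks an unallocated block.
    `changed` is the CBT bitmap: indexes written since the last backup."""

    def __init__(self, nblocks):
        self.blocks = [None] * nblocks
        self.changed = set()

    def write(self, index, data):
        if len(data) != BLOCK_SIZE:
            raise ValueError("block must be exactly BLOCK_SIZE bytes")
        self.blocks[index] = data
        self.changed.add(index)

    def reset_cbt(self):
        self.changed.clear()


class Backup:
    """A backup object; its id digests its kind, parent id and content, so a
    chain can be checked for missing or reordered members before restoring."""

    def __init__(self, kind, parent, blocks):
        self.kind, self.parent, self.blocks = kind, parent, blocks
        h = hashlib.sha256(f"{kind}|{parent}|".encode())
        for i in sorted(blocks):
            h.update(f"{i}:".encode() + blocks[i])
        self.id = h.hexdigest()[:16]


def full_backup(disk):
    """Copy every allocated block (unallocated ones are skipped) and reset the bitmap."""
    blocks = {i: b for i, b in enumerate(disk.blocks) if b is not None}
    disk.reset_cbt()
    return Backup("full", None, blocks)


def incremental_backup(disk, previous):
    """Copy only blocks changed since `previous`, then reset the bitmap."""
    blocks = {i: disk.blocks[i] for i in sorted(disk.changed) if disk.blocks[i] is not None}
    disk.reset_cbt()
    return Backup("incremental", previous.id, blocks)


def chain_is_valid(chain):
    """True if the chain starts with a full backup and every parent link matches."""
    if not chain or chain[0].kind != "full":
        return False
    expected = None
    for b in chain:
        if b.parent != expected:
            return False
        expected = b.id
    return True


def restore(chain, nblocks):
    """Rebuild a whole disk by applying the full backup and its incrementals in order."""
    if not chain_is_valid(chain):
        raise ValueError("restore chain must start with a full backup and be unbroken")
    disk = VirtualDisk(nblocks)
    for b in chain:
        for i, data in b.blocks.items():
            disk.blocks[i] = data
    return disk


def restore_blocks(chain, indexes):
    """Fine-grained restore: each requested block comes from the newest backup holding it."""
    if not chain_is_valid(chain):
        raise ValueError("restore chain must start with a full backup and be unbroken")
    result = {}
    for i in indexes:
        for b in reversed(chain):
            if i in b.blocks:
                result[i] = b.blocks[i]
                break
    return result


if __name__ == "__main__":
    # Constructed sample disk, not real VM data.
    disk = VirtualDisk(8)
    disk.write(0, b"boot"); disk.write(1, b"data"); disk.write(5, b"logs")
    full = full_backup(disk)                  # copies blocks 0, 1, 5 only
    disk.write(1, b"DATA"); disk.write(6, b"more")
    inc = incremental_backup(disk, full)      # copies blocks 1, 6 only
    print(restore([full, inc], 8).blocks == disk.blocks)
    print(restore_blocks([full, inc], [1, 5]))
```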
When virtualized storage is used at the production site, backup data can be transmitted
over the LAN, over the LAN with SSL, or over the SAN (LAN-free). LAN SSL transmission
encrypts backup data in transit, while SAN (LAN-free) transmission improves backup and
restoration performance and reduces the load on production servers. If FusionStorage is
used at the production site, backup data travels over the internal storage network and
is not exposed on the service network.
eBackup supports flexible backup policies.
− Allows users to configure differentiated backup policies for VMs or VM groups.
− Allows users to select the VMs to be backed up by selecting a container, such as a
cluster, in the hypervisor, and then automatically discovers new VMs in the selected
container during the data backup.
− Supports multiple backup modes, including full backup and incremental backup.
− Supports deduplication and compression of backup data.
− Allows users to configure the data backup retention duration and automatic deletion
of expired data.
− Allows users to set backup policy priorities.
eBackup supports concurrent backup and restoration. One backup agent supports up to
40 concurrent tasks.
VM disks can be backed up and restored across FusionCompute sites.
The eBackup backup plan uses a distributed architecture that combines backup servers
and backup agents. One backup server manages up to 64 backup agents. A backup server
can also act as a backup agent, so no additional backup agent servers are required.
Backup servers and backup agents are centrally managed through a browser. It is
recommended that each backup agent back up no more than 200 VMs; add backup agents as
the number of VMs grows. A maximum of 10,000 backup agents are supported.
The eBackup backup plan delivers high reliability.
− If a backup agent fails, its services are distributed to other backup agents.
− The eBackup system can recover itself in disaster scenarios, for example when the OS,
host, or storage of the backup system is damaged.
recommended) of the main storage for VM backup. If a backup fails because the main
storage has insufficient space, migrate some VMs away to free space.
Table 14.1 lists the planned capacity of the backup system.
The cascading OpenStack system manages multiple cascaded OpenStack systems. VMs, volumes,
and network resources all run at the cascaded layer. The cloud platform provides services
through the RESTful APIs of the cascading OpenStack system, and the same RESTful APIs
allow cascaded OpenStack systems, especially those at geographically scattered sites, to
be integrated across internal networks or even the Internet (links that cross untrusted
networks must be protected with TLS and authenticated API access).
Each cascaded OpenStack system serves as an availability zone (AZ) and exposes the CLI
and RESTful APIs for management. A fault in any cascaded OpenStack system does not affect
the services of the other cascaded systems or of the cascading system. Conversely, even
if the cascading OpenStack system fails, the resources of the cascaded systems keep
running and can be managed through their local OpenStack APIs. The OpenStack cascading
mechanism therefore supports always-online, manageable, highly available cloud services.
In short, OpenStack cascading implements multi-data-center management and significantly
simplifies integration.
4 Configuration List
This chapter lists the hardware and software devices provided by Huawei for this project.
Customize the content based on the project.
Table 14.2 is an example of the configuration list for the hardware and software devices
provided by Huawei for the cloud data center project.
Table 14.2 Configuration list for the cloud data center project
No. Device Specifications Quantity Remarks