Huawei FusionSphere 5.1 Technical Proposal Template (Cloud Data Center)

XXX Cloud Data Center Solution
Technical Proposal
Issue 01
Date 2015-05-19
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://enterprise.huawei.com
Issue 01 (2015-05-19) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co.,
Ltd.
XXX Cloud Data Center Solution Technical Proposal About This Document
About This Document
 This document aims at assisting field sales personnel or system architects (SAs) of the
virtualization solution in quickly drafting the technical proposal for the data center
virtualization project. Users can also copy desired content from the complete version of
the technical proposal to this document.
 This document provides reference for field product managers or SAs who use
FusionSphere 5.1 (VRM architecture) to provide the data center virtualization solution.
 Delete this page before providing this document to customers.
 Replace the header and footer of this document with the company name and logo of the
customer.
 Replace the blue italic words and XXX in this document with actual project information
or delete them.
 This document is only for reference by virtualization solution sales personnel. Customize
the document based on project requirements before you provide it to customers or
agents.
 Calculate the quantity of required devices using eDesigner. This document does not
provide the calculation process. Obtain eDesigner at:
http://app.huawei.com/unistar/edesigner/solutionAction!showSolutionHome.action?
groupId=1&tblHomepageInfoId=4
XXX in this document must be replaced with the specific company name of the customer.
Change History
Date Version Description Author
2015-05-19 1.0 This issue is the first Li Houqing

official release.
Issue 01 (2015-05-19) Huawei Proprietary and Confidential ii

Ltd.
XXX Cloud Data Center SolutionTechnical Proposal Contents
Contents
About This Document....................................................................................................................ii

1 Overview.........................................................................................................................................1
1.1 Background.....................................................................................................................................................................1
1.2 Risks and Challenges......................................................................................................................................................2
1.3 Project Requirements......................................................................................................................................................3
1.4 Project Objectives...........................................................................................................................................................4
2 Overall Solution Design..............................................................................................................6

2.1 Design Principles............................................................................................................................................................6
2.1.1 Unified Planning and Construction.............................................................................................................................6
2.1.2 Centralized Platform....................................................................................................................................................6
2.1.3 Existing System Consolidation and New System Construction..................................................................................6
2.1.4 Cutting-Edge and Sophisticated Technologies............................................................................................................6
2.1.5 High Reliability...........................................................................................................................................................6
2.1.6 Security........................................................................................................................................................................7
2.1.7 Flexibility and Scalability............................................................................................................................................7
2.2 Overall Solution Architecture.........................................................................................................................................7
2.2.1 Overall Architecture of the Cloud Data Center...........................................................................................................7
2.2.2 Solution Highlights......................................................................................................................................................8
3 Detailed Design of the Cloud Data Center Construction Plan............................................9

3.1 Design of the Cloud Data Center Networking Plan.......................................................................................................9
3.1.1 Overall Cloud Data Center Networking Plan..............................................................................................................9
3.1.2 (Optional) E9000 Server+FusionStorage Networking Plan......................................................................................11
3.1.3 (Optional) Server+SAN Storage Networking Plan...................................................................................................13
3.1.4 Network Configuration..............................................................................................................................................14
3.2 Cloud Platform System Design....................................................................................................................................15
3.2.1 Virtualization Platform Design..................................................................................................................................15
3.2.2 Resource Management and Monitoring....................................................................................................................17
3.2.3 Key Features..............................................................................................................................................................19
3.3 Computing Resource Planning.....................................................................................................................................21
3.3.1 Server Selection.........................................................................................................................................................21
3.3.2 Planning for Existing Servers to Be Reused..............................................................................................................21
Issue 01 (2015-05-19) Huawei Proprietary and Confidential iii

Ltd.
XXX Cloud Data Center SolutionTechnical Proposal Contents
3.3.3 Server Quantity Planning..........................................................................................................................................22

3.4 Storage Resource Planning...........................................................................................................................................24
3.4.1 Storage Requirements................................................................................................................................................24
3.4.2 Storage Selection.......................................................................................................................................................24
3.4.3 Storage Capacity Planning........................................................................................................................................27
3.5 Reliability Design.........................................................................................................................................................28
3.5.1 OpenStack HA...........................................................................................................................................................29
3.5.2 Virtualization Reliability...........................................................................................................................................29
3.5.3 Management Reliability............................................................................................................................................29
3.5.4 Server Reliability.......................................................................................................................................................29
3.5.5 Storage Reliability.....................................................................................................................................................30
3.5.6 Network Reliability...................................................................................................................................................30
3.6 (Optional) Security Plan Design...................................................................................................................................30
3.6.1 Security Architecture.................................................................................................................................................30
3.6.2 Network Security.......................................................................................................................................................32
3.6.3 Virtualization Security...............................................................................................................................................35
3.6.4 Data Security.............................................................................................................................................................36
3.6.5 O&M Management Security.....................................................................................................................................37
3.7 (Optional) Backup Plan Design....................................................................................................................................38
3.7.1 eBackup Backup Plan Overview...............................................................................................................................38
3.7.2 Backup Capacity Design...........................................................................................................................................41
3.8 (Optional) Heterogeneous Hypervisor Management....................................................................................................42
3.9 (Optional) Multi-Data-Center Management.................................................................................................................43
4 Configuration List........................................................................................................................44
Issue 01 (2015-05-19) Huawei Proprietary and Confidential iv

Ltd.
XXX Cloud Data Center SolutionTechnical Proposal OverviewOverview
1 Overview
1.1 Background
[Suggestion]
Describe the background of the data center virtualization project.
[Example]
Over the past few decades, informatization has experienced the terminal/host mode in the
mainframe server era, client/server (C/S) mode in the personal computer (PC) era, and the
browser/server (B/S) mode in the Internet era. In the past 20 years, the Internet united
organizations and individuals around the world and implemented resource sharing among
them, which imposed significant impacts on various service types and everyone's daily life.
In the new era, an increasing number of users make contributions to and interact actively with
one another on the Internet. Hardware and software resources are provisioned as services on
the Internet for users, allowing them to utilize IT resources easily like using electricity and
water. Such service modes impose high requirements for data center construction. However,
the conventional data center construction modes and plans cannot fit the development of the
new era. In this regard, old and new technologies are gradually consolidated, become
sophisticated, and get innovated. Cloud computing technologies come into being. Cloud
computing is an inevitable trend, and it is developed based on existing IT technologies and
service applications.
Since 1990s, information technologies, especially Internet technologies, have witnessed a
rocketing development. Some new technologies and new science have emerged, propelling
application fields towards an extensive and in-depth development. Informatization has
become one of the most important driving forces for social development. XXX informatization
confronts with challenges as its developed construction.
So far, cloud computing technologies in the XXX field have been widely used and played an
increasingly important role around the globe. With the leading technologies, the XXX field has
wedged itself into the most important informatization fields in this new era. According to a
survey made by the UNESCO in 2000 for 62 countries (39 developing countries and 23
developed countries), 89% of the countries have set about propelling e-Government
development and considered e-Government as a state plan (e-Government is taken as an
example).
China's e-Government development is based on the government informatization process.
Since 2000, e-Government has evolved from government online towards comprehensive e-
Issue 01 (2015-05-19) Huawei Proprietary and Confidential 1

Ltd.
Government construction. During e-Government development, various outstanding problems

are also exposed. A unified plan is absent, and e-Government construction is separately
conducted by each department. In this case, irrespective of the actual service requirements,
service volume, and functions required, the construction of equipment rooms and auxiliary
facilities is mandatory for each department. A department must purchase its own hardware
and software, such as network devices, servers, and databases, and manage and maintain the
infrastructure separately, which leads to high investment, low resource utilization, and high
management costs. This separate construction hinders resource utilization and obstructs e-
Government development.
To lower the operation and management costs, improve resource utilization, and shorten the
service rollout duration for XXX, Huawei proposes a data center virtualization solution based
on the service-oriented architecture (SOA) and cloud computing philosophy technologies and
introduces this solution into the planning and construction of XXX data centers.
1.2 Risks and Challenges

[Suggestion]
Describe the risks and challenges for current data centers.
[Example]
The existing data center equipment rooms of XXX manage diverse global applications,
including XXX, XXX, and XXX. In recent years, XXX imposes increasingly high requirements
for informatization and increases its investment on informatization construction. Therefore, it
becomes more and more dependent on informatization systems and demands high urgency
and continuity of system processing. To meet these requirements, XXX data centers must
ensure smooth network communication and uninterruptible service running.
However, there is still a gap for XXX data center to achieve smooth communication and
uninterruptible running. XXX IT systems that are based on the non-virtualization data center
architecture and operation and maintenance (O&M) mode are faced with the following issues:
 Long construction period and high IT investment
With service development, the demands for service system construction increase.
However, the existing construction and O&M modes compel each department to
separately purchase their own hardware devices, including servers, storage devices, and
security devices, which results in a stovepipe construction structure and severe resource
wastes.
In addition, servers in various application systems bear different loads, and server
resources cannot be properly and effectively utilized. According to a survey made for IT
systems in the industry, the non-virtualization application systems typically have their
own dedicated servers. The resource usage of most servers is only between 5% and 25%,
and the total cost of ownership (TCO) keeps increasing. The existing hardware
deployment mode does not support resource sharing and scheduling, which causes low
resource usage, high power consumption, large equipment room space occupation,
complicated management, and high fault rate. Furthermore, the hardware investment and
deployment costs are increasing.
 Limited space and high O&M cost
The growth of service systems places stringent requirements for environment space,
power consumption, and heat dissipation. The costs of the equipment room space and
O&M continue to increase with the purchase of servers, accessories, and software, the
expansion of the equipment room, the reconstruction of the cooling system, the rise in

Ltd.
electricity fees, the swelling of IT assets, and the diversity of hardware devices. All these
pose a great challenge to green environments, low carbon footprint, and efficient O&M
that the IT industry is pursuing.
 Weak service continuity and data security
Most XXX system applications are the basic tools for XXX to implement informatization.
After years' construction and use, XXX has accumulated a large amount of practical data
and set up a standard work flow. XXX gradually turns to the information-based business
operation mode, and therefore imposes high requirements for uninterruptible system
running and data security.
The uninterruptible running of application systems is intensely demanded because more
and more work relies on the assistance of IT systems. Hardware and software failures,
single points of failure (SPOFs), natural disasters, or even system downtime for planned
maintenance, may adversely affect service running and data security. How to ensure
service continuity and data security is a big challenge faced by IT systems.
 Complicated service deployment processes and long service rollout duration
With the business development of the XXX company, new service systems are
continuously emerging, and new servers need to be purchased. However, the server
purchase and service system deployment involve several departments, including the
planning department, procurement department, and maintenance department. The
purchase progress and procedures of these departments are different, which easily causes
a complex service deployment process and long service rollout duration.
To resolve these problems, deploy IT system infrastructure on the cloud platform. The
cloud platform-based virtualization technology can implement various functions,
including computing, storage, and network resource virtualization, resource sharing and
allocation, consolidation and scheduling of service servers, as well as centralized, policy-
based resource management. Therefore, the virtualization technology can rapidly adapt
to the ever-changing service development requirements, reduce the IT TCO, and help
focus on core services.
Therefore, the cloud platform construction is imperative.
1.3 Project Requirements

[Suggestion]
Describe specific construction requirements of this project.
[Example]
With the business development of the XXX company, new service systems are continuously
emerging, but existing IT support systems cannot adapt to rapid service development.
Outstanding problems of the IT systems are exposed, for example, low hardware resource
utilization, slow service rollout, and high maintenance costs. In this case, data centers based
on cloud computing technologies are demanded for reconstructing IT infrastructure to address
requirements for future service increases. In general, construct a cloud data center by
observing the following requirements:
 Analyze existing hardware devices, including servers, storage devices, and network
devices, sort out the devices that can be virtualized in terms of technical feasibility and
cost-effectiveness, and purchase new hardware devices to construct the virtual resource
pool, thereby improving the hardware device utilization. //Customize this requirement
based on the specific project. Delete this requirement if the project does not have device
reuse or purchase requirements.

Ltd.
 Implement pooled management and on-demand allocation of physical and virtual

resources, and allow instant application and quick provisioning of IT resources.
 Migrate existing service systems smoothly to the cloud platform, without reconstructing
service system software or changing service logic and capabilities.
 Deploy new services directly in the cloud data center to meet rapid service deployment
requirements.
 The cloud platform itself must deliver sound reliability and support redundancy
deployment for all hardware and software. In addition, the cloud platform must support
the VM high availability (HA) feature to ensure high reliability of service system VMs.
It can reduce the service downtime and automatically recover service systems.
 The cloud platform must provide various security assurance measures to ensure the
security of service systems from multiple layers, including the hardware, virtualization,
network, and transmission layers.
 The cloud platform must provide a centralized maintenance and management system to
centrally manage physical and virtual resources, thereby simplifying the management
process, improving management efficiency, and reducing O&M costs.
 The cloud data center must support data backup of key services so that services can be
rapidly restored in the event of failures, which prevents data loss and ensures service
continuity. //Customize this requirement based on the specific project. The FusionSphere
Advanced Edition or Platinum Edition (Operation Edition for carriers) comprises
eBackup for VM backup. If customers need to use their own backup software or devices,
adjust this requirement based on the specific backup mode, for example, the cloud data
center must allow VM data backup using the XXX device. If the customers do not pose
backup requirements, delete this requirement.
 The cloud data center must support the disaster recovery (DR) function. //Typically, the
DR function is seldom used in virtualization projects. If the DR function is not used,
delete this requirement. If the DR function is used, customize this requirement based on
the specific DR plan determined with customers, for example, the two-site three-center
DR plan or production center+DR center plan.
 The cloud platform must support smooth capacity expansion or reduction and smooth
upgrade, ensuring that these operations do not adversely affect the service systems that
are already running on the cloud platform. In addition, the cloud platform must provide
sufficient capacity to keep up with the service requirements at least in the following three
to five years.
1.4 Project Objectives

[Suggestion]
Describe the construction objectives of the project.
[Example]
This project is planned to achieve the following objectives:
 Helps XXX to achieve strategic transformation and focus on core services.
The deployment of a non-virtualization system is time-consuming and requires high IT
investment and O&M costs. In comparison, the cloud platform supports centralized
device management, has low maintenance costs, is easy to expand, and allows rapid
resource deployment. Therefore, if the cloud platform is deployed, the core resources
that were originally invested to non-virtualization IT system construction and

Ltd.
maintenance can turn to mainstream services, thereby improving resource utilization and
helping XXX to focus on mainstream services and win the full-service competition.
 Helps XXX to improve resource utilization and build a green IT system.
The cloud platform supports easy device replacement and capacity expansion, thereby
significantly increasing the resource reuse ratio, avoiding the stovepipe development
structure, and effectively implementing energy conservation and emission reduction.
 Reduces IT resources and O&M costs.
The cloud platform provides an O&M platform for centralized resource management,
which helps reduce O&M costs.
 Shortens the service deployment duration and improves service agility.
The cloud platform can be planned initially and then deployed on demand. This mode
simplifies data planning, lowers investment risks, allows easy capacity expansion and
reduction, and implements timely adaptation to service or IT changes.
 Ensures continuity of core services through high cloud platform reliability.
The cloud platform supports the functions including high availability (HA) and live
migration to prevent service interruptions caused by SPOFs, minimize the device
downtime, and ensure core service continuity.

Ltd.
XXX Cloud Data Center SolutionTechnical Proposal Overall Solution DesignOverall Solution Design
2 Overall Solution Design
2.1 Design Principles

2.1.1 Unified Planning and Construction
Plan the cloud data center construction in a unified manner, make a decent top-level design
and plan, and appropriately plan the hardware infrastructure to keep up with the requirements
of both current and future services.
2.1.2 Centralized Platform

Employ cutting-edge cloud computing technologies to build a centralized cloud platform for
carrying service systems, avoid information and application islands, implement resource
sharing, and improve resource utilization.
2.1.3 Existing System Consolidation and New System

Construction
Develop a solution that must attach importance to the sustainable development of
technologies and support both the construction of new systems and the consolidation of
existing systems.
2.1.4 Cutting-Edge and Sophisticated Technologies

When using cloud computing technologies to build cloud data centers and cloud resource
pools, take the durability, scalability, and compatibility of technologies into consideration.
Employ the most cutting-edge and sophisticated technologies in the industry to meet the
requirements of the current and future application development.
2.1.5 High Reliability

High system reliability ensures the stable running of an application system. During the system
design, select highly reliable products and work out a proper architecture to endow the system
with the redundancy, fault tolerance (FT), and fault recovery capabilities and maximize the
system uptime.

Ltd.
2.1.6 Security
Consider end-to-end security in the overall solution design and ensure secure, environment-
friendly use of resources.
2.1.7 Flexibility and Scalability

Allow smooth capacity expansion and system upgrades to keep up with future service
increases and changes, with only minimal adjustments of the system architecture and existing
devices.
2.2 Overall Solution Architecture

2.2.1 Overall Architecture of the Cloud Data Center
Figure 1.1 shows the overall architecture of the cloud data center.
Figure 1.1 Overall architecture of the cloud data center
The cloud data center consists of the following functional areas:

 Hardware
Provides physical devices, including servers, storage devices, network devices, and
security devices, for running the cloud platform and XXX service systems.
 Cloud platform
Runs the virtual servers and virtual desktops of the XXX service systems and implements
resource pooling, elastic scaling, automatic scheduling, and on-demand resource
allocation. The cloud platform supports cloud management and virtual resource pool
management. Cloud management covers the management of multiple cloud resource
pools and various hardware devices. The cloud platform contains multiple virtual
resource pools. Virtual resource pool management provides basic computing, storage,
and network virtualization functions and provides interfaces for interworking with cloud
management. Each virtual resource pool is managed by two management nodes working
in active/standby mode. One resource pool manages one physical cluster (also known as

Ltd.
a site). In a physical cluster, multiple servers can be grouped into a resource cluster (also
known as an HA-enabled resource pool) that supports VM live migration and HA
functions. One physical cluster can contain multiple resource clusters.
 Cloud management
Implements centralized monitoring, alarm generation, and O&M for the cloud platform.
 Security assurance
Provides end-to-end security for the cloud data center.
 (Optional) Centralized data center management
Provides a centralized resource management platform for managing and monitoring
physical and virtual resources, generating alarms, and interconnecting with third-party
systems.
 Service system
Runs on the cloud platform of the cloud data center. Service systems can be consolidated
on the cloud platform to implement rapid service deployment and elastic resource scaling
and therefore offer reliable and stable services.
2.2.2 Solution Highlights

Huawei solution delivers the following highlights:
 Helps XXX to achieve strategic transformation and focus on core services.
The deployment of a non-virtualization system is time-consuming and requires high IT
investment and O&M costs. In comparison, the cloud platform supports centralized
device management, has low maintenance costs, is easy to expand, and allows rapid
resource deployment, thereby keeping up with service development requirements.
 Facilitates O&M management.
Huawei offers an end-to-end solution that involves various hardware devices, including
storage, network, and security devices as well as servers. This solution uses the cutting-
edge Huawei-developed cloud platform that features high performance, openness,
stability, sophistication, sound compatibility, and easy O&M.
 Ensures continuity of core services through high cloud platform reliability.
The cloud platform supports the functions including HA and live migration to prevent
service interruptions caused by SPOFs, minimize the device downtime, and ensure core
service continuity.
 Ensures end-to-end security.
To ensure data center security, this solution employs an end-to-end security architecture
that protects the system from multiple dimensions, including the network access,
virtualization, cloud platform, and user data.
 Employs the open architecture.
Huawei solution employs the open-source OpenStack architecture and provides open
application platform interfaces (APIs) for third-party systems.
 Supports multi-data-center management and large-scale deployment.
Huawei solution uses the advanced, open architecture, supports large-scale deployment
on both physical servers and VMs, and supports management of multiple data centers.

Ltd.
Detailed Design of the Cloud Data Center Construction
PlanDetailed Design of the Cloud Data Center Construction
XXX Cloud Data Center SolutionTechnical Proposal Plan
3 Detailed Design of the Cloud Data Center

Construction Plan
3.1 Design of the Cloud Data Center Networking Plan

3.1.1 Overall Cloud Data Center Networking Plan
In this project, the cloud platform uses the flattened two-layered network architecture, that is,
the core layer+access and aggregation layers. Core switches process traffic of both the core
layer and aggregation layer. A flattened network simplifies the network topology, reduces
device investment, and improves data forwarding efficiency. On a two-layered network, the
virtual clusters and stacking technology can be used to prevent network loops and therefore
enhance network reliability. The VLAN IP addresses are configured on the core switches and
VLANs are assigned on the access switches to implement layer 2 forwarding. Figure 1.2
shows the overall networking plan of the cloud platform.

Ltd.
Figure 1.2 Overall networking plan for a single data center
The entire network is divided into three layers:

 Access layer
Connect servers and storage devices to the access switches in the uplink.
Configure two 10GE network ports in active/standby mode or four GE network ports
(two for the service and management planes and two for the storage plane) on servers.
The service and management planes use port bonding and the storage plane uses
multipathing to ensure link redundancy.
Create VLANs on each access switch to isolate management, service, and storage planes
on it. Stack access switches to simplify networking and improve network reliability.
Network planes in the system are as follows:
− Storage plane: It transmits data between servers and disk arrays. The storage plane
provides link redundancy through the multipathing feature. Servers and storage
devices communicate directly at layer 2 over the storage plane. Storage devices
provide storage resources for VMs through the virtualization platform but do not
communicate with VMs.
− Service plane: It provides a channel for users to obtain services, for virtual NICs of
VMs to communicate with each other, and for external applications to interact with
the FusionSphere system. Access of different service departments can be isolated by
the VLANs configured for VMs.

Ltd.
− Management plane: It transmits communication traffic for such functions as system

management, service deployment, and system loading. In addition to the three
network planes on the server side, the system also provides a baseboard management
controller (BMC) plane. The BMC plane manages server hardware and can be
configured to be isolated from the management plane or not.
If servers are deployed in GE networking mode, each blade server uses two network
ports for the service and management planes and two network ports for the storage
plane. The service and management planes ensure link redundancy using port bonding.
If servers are deployed in 10GE networking mode, each blade server connects to the
network using two 10GE network ports that are bound in load balancing mode to ensure
link redundancy.
 Aggregation layer
Connect access switches to aggregation switches in the uplink. Configure aggregation
switches to work in cluster mode. Connect access switches to aggregation switches
through Eth-Trunk ports. If the aggregation switches are stacked, the Virtual Router
Redundancy Protocol (VRRP) function is not required. If aggregation switches are
required to provide gateway functions, set the user gateway address to the IP address of
the VLANIF interface.
 Core layer
Connect aggregation switches to core switches in the uplink. Deploy core switches in
cluster mode. Core switches interconnect with upper-layer devices using the Open
Shortest Path First (OSPF) protocol or static routes.
If they are connected through OSPF, the addresses advertised by OSPF include the
interconnection addresses of the core switches, direct route addresses, and loopback
addresses.
If they are connected through static routes, the VRRP address is used as the gateway.
3.1.2 (Optional) E9000 Server+FusionStorage Networking

Plan
This section describes the networking plan for deploying E9000 servers and FusionStorage. If
the project employs the server+SAN storage architecture, delete this section.
E9000 is a high-performance blade server developed by Huawei. With Huawei virtualization
software FusionSphere installed, the E9000 servers support server capability virtualization
and therefore provide VMs for users.
The storage space available to VMs is provided by the local server disks that are under
management of FusionStorage, the distributed storage software that is deployed on E9000
servers. FusionStorage abstracts local disks on the E9000 servers into storage resource pools
and provides centralized management interfaces for FusionSphere to access storage resources.
FusionStorage can implement similar functions to SAN devices. FusionStorage supports data
storage with multiple identical data copies. One piece of data can be stored on the hard disks
of different servers, thereby ensuring high data reliability. In addition, the solid state disks
(SSDs) on each blade server are used as the cache, which significantly improves data access
performance.
E9000 servers integrate internal and external switching functions into their subracks, so that
E9000 servers can connect directly to core switches from the backplanes over optical ports.
In this project, E9000 blade servers are used to construct the cloud platform. Figure 1.3 shows
the networking diagram for constructing the cloud platform using E9000 servers.

Ltd.
Figure 1.3 Networking diagram for constructing the cloud platform using E9000 servers
The E9000 server is deployed in the customer's data center and connects to the uplink core
switches of the customer using 4 x 10GE ports. The network communication plane consists of
the service network and management network. These two networks are isolated by VLANs,
thereby preventing end users from damaging the basic platform.
The switching backplane of each E9000 subrack uses the CX310 switch module. Each CX310
provides 24 x 10GE optical ports. Two CX310 modules are stacked to implement data
switching and are connected to uplink aggregation devices. The E9000 server supports rapid
multi-subrack expansion. The two 2 x 10GE links serve as the trunk to cascade subracks. The

Ltd.
E9000 server consists of basic and extension subracks, and a maximum of six subracks can be
cascaded. Each extension subrack connects to the basic subrack over 4 x 10GE links.
VMs use the local storage resources on E9000 blades. The local storage resources connect
directly to E9000 blades over the SAS ports and are virtualized into a centralized resource
pool by the distributed storage software FusionStorage.
The internal network uses the layer 2 network architecture so that the E9000 server can be
connected to the customer network in layer 2 networking mode. In this mode, the subnet
gateway is set to the IP address of the customer's network, and the switch for E9000 server
only serves as the access switch. This mode applies to scenarios in which management and
service planes must be isolated. Users can configure different subnets to ensure secure
isolation.
3.1.3 (Optional) Server+SAN Storage Networking Plan

This section describes the networking plan for deploying servers and SAN storage. If the
project employs FusionStorage, delete this section.
Figure 1.4 shows the networking diagram for constructing the cloud platform using the
server+SAN storage architecture
Figure 1.4 Storage network plane diagram
Each server is equipped with two storage NICs that are not bound. Each IP SAN storage
controller is equipped with eight NICs. Two NICs are in one network segment, so there are
four storage network segments. Each physical NIC on a server is assigned two IP addresses on
different network segments. A server has IP addresses from four network segments, which
correspond to four storage network segments on IP SAN storage devices. The storage plane
provides eight logical links (with multipathing configured) and four physical links.

Ltd.
 The IP SAN device in a cabinet employs the eight-path load balancing mode to ensure
reliability and stability of storage services. The storage services will not be interrupted
even if any one of the eight paths drops the connection.
 Controller A and controller B of the IP SAN device are connected to the two S57XX
switches in the cabinet through four GE optical interfaces in layer 2 networking mode.
Each S57XX switch has two VLANs configured. Controller A and controller B use four
IP network segments to communicate with the four VLANs of the switches. The ports
connected to the IP SAN device allow traffic from two VLANs, that is, from two IP
network segments.
 Multipathing software is running on the server to ensure load balancing efficiency and
reliability. Each server provides two network ports, and each network port is assigned
two VLAN IP addresses. These VLAN IP addresses each map a network segment of an
IP SAN controller.
3.1.4 Network Configuration

Network configuration includes the following items:
 IP addresses
The management nodes, BMC, and underlying hypervisor on the cloud platform require
respective management IP addresses. Two nodes configured with the HA function
require a floating IP address.
Each user VM requires at least one service IP address.
 Route
Configure a VLANIF interface on the core switch for each subnet and use the VLANIF
IP address as the user gateway address.
VMs in a cabinet interwork with each other at layer 2 using access switches in the
cabinet. VMs in different cabinets interwork with each other at layer 3 using core
switches, such as the S9312. The VLANIF IP address is used as the user gateway
address.
 VLAN planning
//(Delete this sentence before delivering the document to customers.) Plan VLAN
configuration based on the project and customer requirements. If the customer already
has VLAN plans, obtain the planned VLAN information, especially for the service plane,
from the customer.
− VLANs for the management and BMC planes: 2 to 50
− VLANs for the storage plane: 51 to 100
− VLANs for the service plane: XXX
− VLANs for basic virtual NICs: 101 to 500
− Customized VLANs for the customer's multiple NICs: 501 to 1500
− Reserved VLANs: 1501 to 4096

Ltd.
3.2 Cloud Platform System Design

3.2.1 Virtualization Platform Design
This project uses Huawei cloud platform FusionSphere OpenStack to abstract computing,
storage, and network resources into virtual resource pools, thereby implementing elastic
service scaling and rapid deployment.
Figure 1.5 shows the architecture of the Huawei cloud platform.
Figure 1.5 Huawei cloud platform architecture
Huawei FusionSphere OpenStack is an enterprise-level OpenStack distribution that is

enhanced and reinforced by Huawei based on the native OpenStack. In the FusionSphere
cloud data center solution, OpenStack integrates FusionCompute to support comprehensive
OpenStack services, including Keystone, Nova, Cinder, Neutron, Glance, Ceilometer, Heat,
and Ironic, and provide end-to-end O&M capabilities:
 Basic service capability: The FusionSphere OpenStack system has the basic installation,
deployment, and O&M capabilities, including log management, time management,
backup and restoration, upgrade, and patching.
 OpenStack capability: Based on native OpenStack, Huawei extends computing, storage,
and network plug-ins and implements computing, storage, and network virtualization.
FusionSphere OpenStack centrally schedules and manages virtual resources over unified
interfaces, thereby reducing the operating expense (OPEX) and ensuring high system
security and reliability. It also helps telecom carriers and enterprises build secure, green,
and energy-saving cloud data centers.

Ltd.
Huawei cloud platform consists of the following management nodes:

 OpenStack management node: supports computing, storage, and network plug-ins,
virtualizes computing, storage, and network resources, and provides unified interfaces.
 FusionManager node: provides resource access, configuration, monitoring, and
maintenance functions.
 FusionCompute management node: FusionCompute provides basic virtualization
functions. It virtualizes servers, storage devices, and network devices and provides
interfaces for interworking with FusionSphere OpenStack. Each FusionCompute system
is managed by a pair of Virtual Resource Management (VRM) nodes working in
active/standby mode. One FusionCompute system manages a physical cluster (also
known as a site). In a physical cluster, multiple physical servers can be grouped as a
resource cluster (also known as the HA-enabled resource pool). One computing resource
pool shares the same resource scheduling policies. To enable live migration-related
scheduling policies, ensure that the CPUs of physical servers in the resource pool are of
the same generations. A computing resource pool does not include network resources
and storage resources. One physical cluster can contain multiple resource clusters.
Figure 1.6 shows the services and nodes in the FusionSphere OpenStack solution.
Figure 1.6 Services and nodes in the FusionSphere OpenStack solution
Services and nodes shown in this figure are as follows:

 Glance: stores and restores VM disk images. The Glance service is used by
FusionSphere OpenStack to provision instances.

Ltd.
 Cinder: provides persistent block storage for running instances. Its pluggable drives
facilitate block storage creation and management.
 Nova: manages the lifecycle of computing instances in the OpenStack environment, for
example, creating instances in batches, and scheduling or stopping instances on demand.
 Neutron: provides APIs for network connectivity and addressing.
 VRM node: manages virtual resource pools.
 Computing Node Agent (CNA) node: manages computing resources.
The Nova-compute driver enables FusionSphere OpenStack to use functions provided by
FusionCompute, including live migration, HA, distributed resource scheduling (DRS), and
CPU QoS.
The Cinder-volume driver enables FusionSphere OpenStack to interwork with any storage
devices that have been certified to be compatible with FusionCompute and to manage
FusionStorage through FusionCompute, thereby offering a cost-effective storage solution in
the large-scale cloud data center scenarios.
FusionCompute connects to Ceilometer and reports VM monitoring data to Ceilometer.
Therefore, tenants can use the monitoring and alarm reporting functions of Ceilometer and the
elastic scaling function of Heat.
FusionCompute integrates the Open vSwitch (OVS) Agent and connects to Neutron so that
FusionCompute can use the Neutron ecosystem to seamlessly integrate with third-party
network services.
By employing Nova and Cinder drivers and the Glance bypass mechanism, FusionSphere
OpenStack allows images to be stored on third-party NFS or S3 systems, thereby ensuring
high concurrency and high throughput of the image service and preventing traffic bottlenecks
of the Glance service. In addition, FusionCompute supports interconnection with native
Glance to provide the image service.
The Cloud Provisioning Service (CPS) provides basic services, including bare device
installation and OpenStack software deployment. A graphical user interface (GUI) is
provided, simplifying OpenStack deployment and configuration.
3.2.2 Resource Management and Monitoring

In the FusionSphere solution, Huawei-developed FusionManager manages resources in data
centers. FusionManager provides comprehensive resource pool management functions using
northbound APIs provided by OpenStack and offers hardware management functions using
built-in hardware management submodules.
Figure 1.7 shows the FusionManager position in the FusionSphere solution.

Ltd.
Figure 1.7 FusionManager position in the solution
FusionManager provides the following functions:

 External network management
Allows users to create, view, and delete external networks connected to OpenStack.
 Host management
Allows users to query and monitor hosts and view host performance information based
on the specified time period (by day or week).
 VM specifications management
Allows users to configure, query, and delete VM specifications and specify the VM
startup mode.
 Image management
Allows users to create, upload, delete, modify, and export images.
FusionManager supports a variety of image formats, including ISO, RAW, QCOW2,
VMDK, VHD, and AMI.
 Alarm management
− Displays all system alarms. An alarm is automatically cleared after the fault is
rectified.
− Allows users to manually clear alarms and export alarm information.
− Allows users to set different alarm severities, including critical, major, and minor.
− Allows users to mask alarms. The alarms that have been masked are no longer
reported.
− Allows alarms to be reported to third-party systems using emails, short messages, or
the Simple Network Management Protocol (SNMP) protocol.
− Allows users to collect alarm statistics by multiple dimensions, such as the object,
time, and severity. The alarm statistics are helpful to alarm analysis, trend analysis,
fault analysis, and fault prevention.

Ltd.
 Performance monitoring
− Monitors performance of hosts and VMs.
− Monitors the CPU, memory, and storage usages of hosts and VMs.
 Report
− Provides real-time and historical monitoring reports of hosts and VMs.
− Allows users to query reports generated at specified periods of time, for example,
daily, weekly, or monthly reports.
Server monitoring information includes:
− Alarm statistics
− CPU usage
− Memory usage
− Inbound and outbound network traffic rates
− Disk I/O and disk usage
Storage device monitoring information includes:
− Alarm statistics
− Mounting status
− Total size
− Allocated size and available size
Network monitoring information includes:
− Port status
− Port traffic
VM monitoring information includes:
− VM status
− CPU usage
− Memory usage
− Disk I/O and disk usage
 Open APIs
FusionSphere provides open APIs for external systems to obtain alarm data.
− Alarm query interfaces (HTTP REST):
 Querying the alarm list and alarm status
 Querying alarm resources
− Alarm subscription interfaces (HTTP REST)
− Alarm reporting interfaces (SNMP)
3.2.3 Key Features

Computing Virtualization
Server Virtualization

Ltd.
The FusionSphere system uses the bare-metal architecture to virtualize server computing
resources. One server can be virtualized into multiple isolated virtual servers, thereby
improving server resource utilization and simplifying system management.
The FusionSphere system supports VM affinity, which allows multiple VMs to be placed on
different servers based on the configured rules to implement mutual-assistant VMs or active
and standby VMs, and achieve cost-effectiveness.
 Location Affinity
− Keep VMs together: VMs that are added to this rule must run on the same host. One
VM can be added to only one Keep VMs together rule.
− Mutually exclusive: VMs that are added to this rule must run on different hosts. One
VM can be added to only one Mutually exclusive rule.
− VMs to hosts: This rule associates a VM group with a host group so that VMs in the
VM group can be only deployed on and migrated to hosts in the host group.
 Capability Affinity: Non-uniform memory access (NUMA) nodes are introduced in
physical servers to improve the memory access efficiency of CPUs. The CPUs and
memory resources used by VMs (guests) are grouped into NUMA nodes based on the
memory access efficiencies of the CPUs. A CPU can achieve its maximum memory
access efficiency when accessing memory within its own NUMA node. When a VM is
created, FusionSphere preferably allocates CPU and memory resources required by this
VM on one NUMA node, thereby reducing memory access latency and improving
memory performance.
VM Resource Management
Users can create VMs using a VM template or in a custom way, and manage clustered
resources, including automatic resource scheduling, VM management (such as creating,
deleting, starting, stopping, restarting, hibernating, and waking up a VM), storage resource
management (such as common disk and shared disk management), and VM security
management.
The FusionSphere system also supports VM live migration and VM HA.
FusionSphere allows users to adjust the number of virtual CPUs (vCPUs), memory size,
NICs, and volume attaching and detaching status.
Network Virtualization
The FusionSphere system supports the following features for network virtualization:
 Network bandwidth control, ensuring network QoS
 Distributed virtual switch (DVS)
 Single-root I/O virtualization (SR-IOV), improving network processing performance
 Interconnection with the OpenStack Neutron network
Storage Virtualization
The FusionSphere system supports Huawei distributed storage software FusionStorage as well
as disk arrays, such as fibre channel storage area network (FC SAN) and IP SAN storage.
Virtual Data Center Management

FusionSphere provides various templates and specifications to facilitate service provisioning.

Ltd.
A private cloud is entirely isolated from all VMs that are not hosted by this private cloud. An
enterprise can apply for VPCs on the public cloud platform and use independent IP addresses
and subnets in its VPCs. Furthermore, the enterprise can use the access control list (ACL)
rules of physical firewalls to implement isolation between subnets in a VPC and between
subnets and external networks.
Users can apply for a security group based on VM security requirements and configure access
rules for the security group. After a VM is added to the security group, the VM is subject to
these rules. Security groups implement secure isolation and access control for VMs, thereby
improving VM security.
An elastic IP address allows users to use a fixed public IP address to access the VM to which
the public IP address is mapped.
Multi-Data-Center Management
If an enterprise or carrier has multiple data centers scattered in different regions, the
OpenStack cascading technology helps implement centralized management and maintenance
of multiple data centers.
3.3 Computing Resource Planning

3.3.1 Server Selection
This project uses x86 servers to build the virtualization platform. Physical servers are
consolidated into computing resource pools, and services are migrated to the cloud platform.
Resources are shared on the cloud platform, thereby implementing dynamic resource
scheduling, maximizing resource utilization, and reducing the hardware investment and
maintenance cost. Database components can be deployed on physical servers.
Observe the following requirements when selecting servers in this project:
//(Delete this sentence before delivering this document to the customer.) Select servers based
on the specific project.
 Use blade servers in this project. As an emerging architecture, a blade server integrates
network, management, power supply, and heat dissipation facilities in a unified subrack,
thereby implementing integrated deployment of multiple servers and simplifying
network cabling for the project.
 Use four-socket servers (each blade server is equipped with four CPUs). Each server
must use the Intel Xeon E5-4620 CPUs and have at least 128 GB of memory. Large
memory is required because the servers are used to construct virtual resource pools.
3.3.2 Planning for Existing Servers to Be Reused

Table 7.1 describes the planning for the servers to be reused based on the server configuration.

Ltd.
Table 7.1 Server reuse planning

No. Server CPU Memory Number Hard Disk Server Reusable Used As Remarks
Model Model (GB) and Quantity, Quantity
Traffic Capacity,
Rate of and Type
Network
Ports
1 IBM Intel 48 Four GE Two 600 GB 20 Yes Computing

X3650 E5620 ports SAS hard nodes
disks
No Physical Describe
servers for the reason
deploying why the
the XXX server
service cannot be
system reused.
3.3.3 Server Quantity Planning

Use SPECint2006 Rate for calculation. You can query the SPEC value from
http://www.spec.org/cgi-bin/osgresults?conf=rint2006.
To migrate existing application systems, calculate the number of required servers based on
the SPEC value. To add service systems, calculate the number of required servers according
to Performance Configuration Guide for the Server Consolidation Solution v1.0.docx
obtained at http://3ms.huawei.com/hi/group/8395/wiki_2558457.html.
The following introduces two calculation methods: a rough calculation method by calculating
the overall SPEC demand and an accurate method by converting the SPEC value into the
number of vCPUs and then converting the number of vCPUs into the number of servers.
Method 1: Calculation based on the SPEC demand
The principle of this calculation method is to add all the SPEC values consumed by the
original application systems to calculate the total computing capability and to query the SPEC
value of the new servers. The number of servers equals to the total computing capability
divided by the SPEC value of the new servers.
An example is provided as follows:
The average CPU usage of 107 Dell PowerEdge 2950 servers (8 GB memory and two E5420
CPUs, each with 2.50 GHz dominant frequency and four cores) is 20%. The SPEC value is
118, which is obtained at http://www.spec.org/cgi-bin/osgresults?conf=rint2006.
Application systems are to be migrated to RH5885 servers (each with four 8-core E7-4820
CPUs at a dominant frequency of 2 GHz). The SPEC value is 775.
Therefore, the server quantity can be calculated according to the following formulas:
Computing capability requirement = ∑ (SPEC value of existing servers x CPU usage) x (1 +
Redundancy factor) = 107 x 118 x 20% x (1 + 20%) = 3283
Generally, the redundancy factor is from 10% to 20%. 20% is recommended.

Ltd.
Allocatable server computing capability = SPEC value x CPU usage x (1 – Number of UVP
hyperthreadings/Total number of hyperthreadings) = 775 x 70% x [1 – 2/(4 x 8 x 2)] = 525
The number of hyperthreadings consumed by the underlying hypervisor is 2. The CPU usage is from
50% to 70%.
Total number of servers = Roundup (Computing capability/Allocatable server computing

capability) = Roundup (3283/525) = 7 servers
When calculating the actual number of servers, take redundancy into consideration. You must reserve at
least one redundant server for each cluster to support the VM HA feature.
If 8 GB memory modules are used, the number of memory modules of each server can be
calculated as follows:
Number of memory modules of a server = (Total memory size/Number of servers + 8 GB)/8
GB = (987 GB/7 servers + 8 GB for virtualization consumption)/8 = 19 memory modules
You are recommended to configure an even number of memory modules. Make sure that the memory
usage is no more than 80%.
Method 2: Calculating the number of vCPUs based on the SPEC value

The number of VM vCPUs and memory size determine the number of servers. Currently,
servers support both 16 GB and 32 GB memory modules. Therefore, memory is not a
bottleneck for server performance.
An example is provided as follows:
The average CPU usage of 107 Dell PowerEdge 2950 servers (8 GB memory and two E5420
CPUs, each with 2.50 GHz dominant frequency and four cores) is 20%. The SPEC value is
118, which is obtained at http://www.spec.org/cgi-bin/osgresults?conf=rint2006.
Application systems are to be migrated to RH5885 servers (each with four 8-core E7-4820
CPUs at a dominant frequency of 2 GHz). The SPEC value is 775.
Therefore, the computing capability of a single server can be calculated according to the
following formulas:
Computing capability of a single server vCPU = SPEC CINT2006 rates value x CPU usage/
(Number of CPUs x Number of cores x 2 – Number of logical cores consumed by
virtualization) = 775 x 70%/(4 x 8 x 2 – 2) = 8.7
Number of required vCPUs = Roundup (118 x 20%/8.7) = 3
Required memory size: 8 GB
VM resources:
Total number of VMs: 107
Total number of vCPUs: 322
Total VM memory size: 856 GB
Server quantity calculation:

Ltd.
To ensure VM reliability on the cloud platform and enable smooth VM migration in the event
of server failures, reserve 20% (configurable based on the specific project) CPU and memory
resources on the computing servers during system deployment.
Based on the preceding principles, the number of computing resources required by the system
can be calculated as follows:
Number of vCPUs: 322 x 120% = 387
Memory size: 856 GB x 120% = 1028 GB
Based on server models (four 8-cores) and the 30% redundancy requirement, the number of
required servers can be calculated as follows:
Number of servers = Number of vCPUs/(Number of CPUs x Number of CPU cores x 2 – 2) =
387/(4 x 8 x 2 – 2) = 7 (Roundup)
If 8 GB memory modules are used, the number of memory modules of each server can be
calculated as follows:
Number of memory modules of a server = (Total memory size/Number of servers + 8 GB)/8
GB = (1028 GB/7 servers + 8 GB for virtualization consumption)/8 = 20 memory modules
Table 7.2 lists the number of required servers.
Table 7.2 Number of servers

No. Server Quantity Remarks
1 RH2288H V2 4 XXX
2 XXX XXX XXX
3.4 Storage Resource Planning

3.4.1 Storage Requirements
//(Delete this sentence before delivering this document to the customer.) Plan storage capacity
based on the specific project.
This project requires XXX TB storage capacity for services and XXX TB capacity for data
disaster recovery (DR).
3.4.2 Storage Selection

//(Delete this sentence before delivering this document to the customer.) Select FusionStorage
or disk arrays based on the specific project.
Distributed Storage (Recommended)

//(Delete this sentence before delivering this document to the customer.) If storage arrays are
used, delete this section.

Ltd.
FusionStorage is a distributed storage software product developed and owned by

Huawei. It uses innovative architecture and design and features high performance, reliability,
and cost-effectiveness. It highly integrates storage and computing resources and offers
consistent and predicable performance, scalability, flexibility, and self-recovery.
FusionStorage uses the distributed cluster control and hash routing technologies to provide
distributed storage.
Figure 1.8 shows the functions provided by the FusionStorage architecture.
Figure 1.8 FusionStorage architecture
Storage interface layer: provides volumes for operating systems (OSs) and databases over the
Small Computer System Interface (SCSI).
Storage service layer: provides various advanced storage features, such as snapshots, linked
cloning, thin provisioning, distributed cache, and backup and DR.
Storage engine layer: provides basic storage functions, including management status control,
distributed data routing, strong-consistency replication, cluster self-recovery, and parallel data
rebuilding.
Storage management layer: provides the O&M functions, including software installation,
automatic configuration, online upgrade, alarm reporting, monitoring, and logging, and also
provides a portal for user operations.
Huawei distributed cloud data center solution uses the FusionStorage system. FusionStorage
employs the new-generation distributed storage architecture and parallel, distributed grid
storage technologies. The horizontally scalable architecture and distributed multiple-node grid
implement storage load balancing. Fine-grained data distribution algorithms are used to
ensure constantly even data distribution. FusionStorage improves system reliability,
availability, and data storage and retrieval efficiency. In addition, the capacity of
FusionStorage can be easily expanded. Simply speaking, FusionStorage can be deployed on
common servers to consolidate local disks on all servers into a virtual storage resource pool.
Volumes are fragmented and distributed to all hard disks of the resource pool, thereby
achieving fine-grained, high-concurrency data storage and retrieval.
Figure 1.9 shows the principles of the FusionStorage distributed storage resource pool.

Ltd.
Figure 1.9 Principles of the FusionStorage distributed storage resource pool
FusionStorage has the following characteristics:

 Advanced distributed architecture
FusionStorage uses a distributed architecture that features the distributed management
clusters, distributed hash routing algorithm, distributed and stateless engines, and
distributed intelligent cache. This architecture can effectively prevent SPOFs in the
entire storage system.
 High performance and high reliability
FusionStorage balances loads among all disks and stores data in a distributed manner,
thereby preventing data hotspots in the system. The effective routing algorithm and
distributed cache mechanisms ensure high performance. FusionStorage supports data
backup and stores a piece of data with multiple identical copies on different servers or
disks. Therefore, failures of a single hardware device do not interrupt services.
Furthermore, FusionStorage employs the strong-consistency replication technology to
ensure data consistency between data copies.
 High IOPS and low latency: FusionStorage uses large-capacity cache technology to
improve IOPS.
Volumes are fragmented and distributed to all disks in the resource pool, increasing the
stripe width. Compared with the traditional RAID, a single volume using virtualized
RAID delivers significantly improved performance.
FusionStorage provides balanced access, eliminating hotspots. The resource usages of all
nodes in the resource pool are the same.
Fixed RAID arrays do not need to be preset. The virtual storage resource pool adapts to
the dynamic changes of application loads.
Application programs access data from the storage system through the cache, which
shortens the latency.
 Easy expansibility and ultra-large capacity: The distributed system eliminates
performance bottlenecks and facilitates capacity expansion.
Capacity expansion: Distributed engines (each server acts as an engine) eliminate
performance bottlenecks and facilitate capacity expansion.
Non-stovepipe expansion: FusionStorage supports simultaneous storage and computing
capacity expansion.
Plug-and-play capacity expansion: After resources are added, the system automatically
balances loads among all servers, achieving smooth capacity expansion.

Ltd.
 Easy management: The simple FusionStorage structure simplifies management.

No configuration and management at low layers: FusionStorage is integrated in Huawei
virtualization solutions, and therefore only the application-layer management is required.
Zero performance management cost: FusionStorage implements automatic load
balancing and fault recovery. Manual performance optimization is not required.
 Rapid data rebuilding: FusionStorage implements rapid parallel data rebuilding.
Data is distributed to different servers or different cabinets so that data can be obtained
even if a server or cabinet is faulty.
Data is fragmented in the resource pool. If a hard disk is faulty, FusionStorage
automatically rebuilds these data fragments by simultaneously restoring data copies in
the resource pool, without requiring hot spare disks.
 Deep integration of computing and storage resources
FusionStorage is deployed on servers that have local hard disks attached to virtualize all
the local disks on the servers into a virtual resource pool. This resource pool integrates
computing and storage resources of the servers and can function like an external storage
device of the servers.
Storage Arrays
//(Delete this sentence before delivering this document to the customer.) If FusionStorage is
Storage arrays consist of IP SAN and FC SAN arrays. FC SAN is a closed network based on
traffic control, and therefore it has higher traffic transmission efficiency than IP SAN. This
project uses FC SAN storage to ensure high storage performance and reliability.
SAS, SATA, and NL SAS are the three mainstream disks in the industry. SAS disks are
typically recommended for carrying services.
RAID 5, RAID 6, and RAID 10 are all the commonly used RAID arrays. Among them, RAID
5 is typically used by service systems, whereas RAID 10 is typically used by databases.
Table 9.1 describes the example storage planning for this project.
Table 9.1 Storage planning

System Storage Array Hard Disk RAID Array
Service High-end FC 900 GB SAS disks with a RAID 5 (for service systems)
system SAN storage revolutions per minute and RAID 10 (for databases)
(RPM) of 10,000
XXX XXX XXX XXX
3.4.3 Storage Capacity Planning

Properly plan the storage performance and capacity, and ensure that the storage can meet the
service requirements in the following three to five years.

Ltd.
Distributed Storage (Recommended)

//(Delete this sentence before delivering this document to the customer.) If storage arrays are
This project requires XXX storage nodes.
Table 9.2 lists the key configuration of each storage node.
Table 9.2 Key configuration of each storage node

Item Specifications
Subrack RH2288H V2 subrack (with 14 hard disks configured)

Memory 18 x 32 GB
NIC Four 10GE optical interfaces
SSD card 400 GB
CPU Two Xeon® E5-2690 V2 CPUs
Hard disk Twelve 3.5-inch 2 TB SATA hard disks and two 2.5-inch 600 GB
SAS hard disks
Each storage node is equipped with 14 hard disks. Two 2.5-inch 600 GB SAS disks are used
to group RAID 1 for installing the virtualization software, and the rest 12 hard disks are
virtualized by FusionStorage to provide virtual disks for service VMs.
Storage Arrays
Table 9.3 describes the example configuration of storage arrays.
Table 9.3 Storage array configuration

Storage Array Quantity Remarks
S5300 V3 4 XXX
XXX XXX XXX
3.5 Reliability Design

Delete this section if the customer needs a streamlined technical proposal.
The data center virtualization solution ensures system reliability and service continuity from
multiple aspects, including servers, storage, network, and virtualization.

Ltd.
3.5.1 OpenStack HA
OpenStack reliability is determined by the reliability of services provided by OpenStack,
including:
 Representational State Transfer (REST) API service reliability, which provides
continuous API services for users.
 Database service reliability, ensuring user configuration data integrity and service
continuity.
 Communication service reliability, ensuring uninterrupted interaction between
components.
3.5.2 Virtualization Reliability

Virtualization is a core mechanism of a data center. After being virtualized by FusionSphere,
the data center supports VM live migration and VM HA functions to ensure service continuity
and supports snapshot creation for VMs and volumes to enable rapid system restoration if
faults occur.
3.5.3 Management Reliability

FusionSphere management modules are all deployed working in active/standby mode or load
balancing mode to ensure system reliability.
FusionSphere supports monitoring of physical servers, software, and resources and provides
comprehensive fault detection and rectification capabilities. FusionSphere collects
information about server key indicators, including the CPU usage, basic network traffic, and
memory data. Accordingly, it checks system status and reports alarms if detecting faults, such
as process exceptions, management and storage link faults, node breakdown, and system
resource overload. Such alarms can be automatically cleared by the system or need to be
handled by administrators in a timely manner.
All physical servers in the FusionSphere system use the black box technology to improve
fault rectification capabilities. If a system exception occurs, the system automatically stores
its kernel logs, system snapshots, kernel diagnosis information, and last words to a non-
volatile storage device, such as a computing node, or uploads the information to a network
server, such as a log server. This technology allows users to quickly analyze black box logs,
locate fault causes, and rectify the faults accordingly.
All OpenStack services are deployed in active/active or active/standby mode for redundancy.
3.5.4 Server Reliability

The FusionSphere system takes the following measures to ensure server reliability:
 Real-time temperature monitoring of key thermal components, such as the CPUs,
memory, fans, power supplies, and hard disks. Alarms are generated if faults occur.
 Intelligent fan speed control and monitoring.
 Hard disk hot swap, RAID arrays, and in-service hard disk fault detection and warning.
 Power supply 1+1 redundancy and hot swap.

Ltd.
3.5.5 Storage Reliability

Data center virtualization typically uses centralized shared SAN storage devices. Huawei
FusionSphere supports storage cold migration and dynamic resource scheduler (DRS) based
on storage I/O operations.
FusionSphere also supports the storage multipathing function. At least two fully redundant
paths are configured between each computing node and the storage cluster. Typically, eight
paths are available between a VM and a storage device, thereby ensuring storage network
reliability.
In addition, SAN storage devices employ dual or multiple controllers to ensure the reliability
of physical links and use hot spare disks for data backup and restoration.
FusionStorage stores a piece of data in several identical copies on different servers or disks.
Therefore, failures of a single hardware device do not interrupt services. Furthermore,
FusionStorage employs the strong-consistency replication technology to ensure data
consistency between data copies.
3.5.6 Network Reliability

In the networking of the cloud data center, all network links are physically redundant. Access
switches can be stacked to provide redundant connections from physical servers to
aggregation switches and to the virtual network layer. At the virtual network layer, two or
more NICs of a server are bound as a logical NIC to prevent service interruptions due to the
failure of a single NIC.
Two NICs are provided for each communication plane (service, storage, and management)
and are bound as one logical NIC to function in bonding mode, which implements access
traffic sharing among servers and ensures NIC reliability.
3.6 (Optional) Security Plan Design

Delete this section if the customer needs a streamlined technical proposal.
3.6.1 Security Architecture

Huawei FusionSphere uses a comprehensive security architecture to strength network and
virtualization isolation. This architecture uses two defense methods: layered defense and
defense in depth.
 Layered defense: implements security policies in multiple domains of the network to
prevent SPOFs on the network.
 Defense in depth: employs various defense policies to ensure that another policy can
take effect to protect data if one policy is not effective to ensure security.
The cloud data center framework is divided into several layers, including physical layer, host
or virtualization layer, network layer, data layer, and O&M layer, based on the network
architecture to meet compliance requirements and provide guidance for deploying the data
center security solution.
Figure 1.10 shows the cloud security architecture.

Ltd.
Figure 1.10 Cloud security architecture
The cloud data center framework ensures the system security in the following aspects:
 Physical security
Only authorized personnel can enter the cloud data center equipment room. Monitoring
devices are installed in the equipment room, facilitating after-the-event auditing.
 Basic security
Plenty of generic software, including OSs, databases, and web applications, is used in a
cloud computing environment. This makes the system prone to viruses, vulnerabilities,
Trojan horses, or denial of service (DoS) attacks. Huawei FusionSphere uses system
hardening, antivirus services, and security patches to protect the system against the
attacks, thereby ensuring basic security.
 Virtualization security
Cloud computing not only provides resource sharing but also brings new risks and
threats. To address these risks and threats, the virtualization layer of FusionSphere
separates hosts from VMs and separates the VMs that deployed in different departments
or companies, which ensures VM security. In addition, to prevent attacks initiated by
VMs within a cloud, deploy host-based virtual firewalls, intrusion detection systems
(IDSs), or intrusion prevention systems (IPSs), instead of traditional firewalls or IDS
devices at the network egress.
 Network security
The data center network may be attacked by various security risks, such as DoS attacks,
eavesdropping, and tampering of user data. Huawei FusionSphere ensures network
security using multiple methods, including network isolation, attack defense, and
transmission security assurance.
By subnet division and network isolation, the data center network is divided into the
computing, storage, management, and access domains. These domains are isolated from
each other, and the management plane uses an isolated physical network. This prevents
network problems, such as network storms, from being spread all over the network.

Ltd.
3.6.2 Network Security

The cloud data center provides services for external users over networks. Therefore, it is
exposed to security threats, such as the distributed denial of service (DDoS) attacks, user data
eavesdropping, and tampering from the Internet or other connected networks. These threats
must be defended against to ensure secure business operation of the cloud data center. In this
project, the cloud data center is built with consideration of network isolation, attack defense,
and transmission security to provide secure data center networks for enterprises.
 Security zone division and network isolation
By network division and isolation, the data center network is divided into the computing,
storage, management, and access domains. These domains are isolated from each other,
and the management plane uses an isolated physical network. This prevents network
problems, such as network storms, from being spread all over the network.
− Users in a data center are isolated by virtual private clouds (VPCs) and virtual
firewalls (security groups), ensuring that the networks of different departments and
users are independent of one another.
Figure 1.11 illustrates cloud network isolation using VPCs.
Figure 1.11 Cloud network isolation using VPCs
With VPCs configured, each department in the cloud data center has independent
VLANs, which correspond to independent virtual firewalls. The cloud data center
ensures secure seamless access to enterprise or department data and applications from
the enterprise or department intranet using the virtual private network (VPN) or
private network. In addition, employees on business trips can access data and
applications of their enterprises or departments in the cloud data center.
Figure 1.12 illustrates cloud network isolation using security groups.

Ltd.
Figure 1.12 Cloud network isolation using security groups
The cloud data center provides network security groups (virtual firewalls) to ensure
security between VMs, including VMs on one physical host. Users can apply for
security groups on the portal and define ACL rules for each security group, for
example, open a specific network service or port, allow an external IP address to
access a VM port, and authorize the access between security groups. One security
group can have multiple ACL rules.
− The internal communication plane is divided into the service plane, storage plane,
and management plane. These planes are isolated from each other using VLANs.
Deploy firewalls between these planes if they need to communicate.
Figure 1.13 illustrates the security domain division of the cloud data center.
Figure 1.13 Cloud security domain division
The FusionSphere solution is an integrated security solution that uses the private
network or IPsec VPN to interconnect the enterprise intranet with the data and
applications of the enterprise in the cloud data center. The enterprise can plan internal
IP addresses for the enterprise data and applications in the cloud computing center as
required. Therefore, users on the enterprise intranet can access the enterprise data and
applications in the cloud data center just like accessing the intranet. In addition,

Ltd.
employees on business trips can access the cloud data center over flexible Secure
Sockets Layer (SSL) VPN connections to implement mobile working.
− (Optional) A demilitarized zone (DMZ) is created for intranet isolation.
A DMZ is a buffer area between an insecure system and a secure system and is
located in the small network between the internal network and external network of
the data center. Some server facilities open to the Internet, such as web servers, File
Transfer Protocol (FTP) servers, and forums, can be located in the DMZ. The DMZ
effectively ensures the security of internal networks.
− Network planes are isolated to ensure data security.
The network communication plane of FusionSphere OpenStack can be divided into
the management network, tenant network, and storage network. These networks are
isolated by VLANs, and tenant networks are isolated by Virtual eXtensible LANs
(VXLANs). The network isolation mechanism ensures that operations performed on
the management platform do not interrupt service running and prevents end users'
operations from adversely affecting basic platform management.
 Tenant network
A tenant network provides a channel for users to obtain services, for VMs to
communicate with each other, and for external applications to interact with the
FusionSphere system.
A tenant can have multiple tenant networks. VMs of the tenant can connect to
the tenant networks to communicate with one another.
 Storage network
A storage network provides a channel for block storage devices to communicate
and provides storage resources for VMs through the virtualization platform,
instead of communicating directly with VMs.
 Management network
A management network provides such functions as system management, service
deployment, and system loading.
 Border protection
Huawei FusionSphere uses high-performance firewalls to protect the system against
scanning attacks, malformed packet attacks, resource exhaustion attacks, and special
packet control attacks.
The firewall enables the Network Address Translation (NAT) function to hide internal
networks, isolates services using security zones, uses ACL rules and connection status
check to ensure legitimate data communication, and employs the IPS to prevent intrusion
towards the application layer. The firewall implements strict ACL rules for the cloud
platform. A physical firewall can be virtualized into multiple logically independent
firewalls, each of which provides independent security policies to protect services of
specific users.
The built-in IPS module of a firewall can configure specific defense policies based on
the destination IP addresses of packets to protect service traffic in the specified IP
address segments from being attacked.
Huawei FusionSphere implements the differentiated anti-DDoS function to allow
customization and management of attack defense policies for large-scale enterprises. The
defense type, protected IP address, HTTP port number, and check thresholds all can be
customized based on customer requirements.
The SSL VPN gateway can be virtualized into multiple virtual gateways to isolate
enterprise users and allow IP address overlapping.

Ltd.
In addition, FusionSphere provides the network traffic analysis function to collect

statistics on service traffic transmitted over the network in real time. It also performs
real-time intrusion detection and interworks with firewalls to report alarms. Moreover, it
is able to defend against DDoS attacks.
 (Optional) Intrusion detection and prevention policies
FusionSphere employs the IPS devices that can integrate intrusion detection and
intrusion prevention functions. With advanced IPS engines deployed, FusionSphere can
effectively detect attacks launched by hackers, protect the system against the attacks, and
update the IPS library online in a timely manner to defend against new attacks.
 Transmission security
Data transmission may be interrupted, and data may be replicated, modified, forged,
intercepted, or monitored during transmission. Therefore, it is necessary to ensure the
integrity, confidentiality, and validity of data during network transmission. Huawei
FusionSphere takes the following measures to ensure data transmission security of the
cloud data center:
− Supports SSL encryption for data transmitted between trust zones and untrust zones.
− Supports Hypertext Transfer Protocol Secure (HTTPS) access for user management
services and SSL VPN access for services with high security requirements.
− Supports SSH for users to access VMs.
3.6.3 Virtualization Security

VM Isolation
FusionSphere supports VM isolation so that resources on different VMs running on the same
physical server are separated. This is one of the basic characteristics of a VM. The resources
include CPUs, memory, internal networks, and disk I/O operations.
Account Management, Authentication, and Authorization

Huawei FusionManager supports management of the administrator accounts. It provides a
default super administrator account admin so that users can log in to the system as user
admin, create other accounts, and allocate rights to these accounts.
FusionManager supports role management and role-based authorization. In the current
version, FusionManager supports three types of roles: super administrator, O&M
administrator, and guest. Different roles are allocated different rights.
Tailoring and Hardening of the Cloud Platform OS

Module tailoring, security hardening, and security setting have been implemented on the OS
of each virtualization server on the Huawei FusionSphere cloud platform, which eliminates
the need to install other irrelevant components and lowers the possibility of security
vulnerabilities occurred in the host OSs.
 Module tailoring
This solution simplifies the cloud platform OS based on the principle of installing
systems with minimum configurations. Only required components are installed. The
quantity of OS software is substantially reduced. This lowers the possibility of systems
from being attacked.

Ltd.
 Security setting
This solution implements security settings for host OSs according to the Linux OS
security benchmark of the Center for Internet Security (CIS). For example, insecure
services are disabled, password strength policies are configured, and permission for files
and directories is properly configured.
 Security patch management
Huawei provides a strict process for managing security patches and regularly releases
tested OS patch packages on the Huawei support website. O&M personnel can regularly
download and install OS patches.
Protection Against Malicious VMs

 Protection against address spoofing
Virtual switches (vSwitches) in the hypervisor bind the IP addresses and MAC addresses
of VMs so that each VM can send packets only using its own address. This prevents VM
IP address spoofing and Address Resolution Protocol (ARP) address spoofing.
 Protection against malicious sniffing
The vSwitches in the hypervisor are Ethernet switches (only for switching but not for
sharing). When packets of different VMs are forwarded to the specified virtual port, a
VM cannot receive packets of other VMs even on the same physical server. This
prevents malicious sniffing.
3.6.4 Data Security

Data security is critical to data center security. Huawei FusionSphere supports the following
functions to ensure user data security:
 Access control for user volumes
The system defines different access policies for all volumes, which are isolated from one
another. Only authorized users can access a volume.
 Access authentication for storage nodes
Users access storage nodes using standard Internet Small Computer Systems Interfaces
(iSCSIs). Storage nodes support Challenge Handshake Authentication Protocol (CHAP)
authentication, which ensures that application servers securely access the storage system.
After CHAP authentication is enabled in the storage system, it must also be enabled on
the application server, and the application server information must be added to the
storage system. In this way, the storage system will regard the application servers as
legal CHAP users. An application server can fetch data from the storage system only
after being authenticated.
 Thorough data deletion
After a user detaches a disk from a VM to release the disk resource, the system can
format the disk before reassigning the disk to another user. This operation ensures user
data security.
After user files or objects are deleted from a storage area, the system thoroughly deletes
data in the area and marks the area as write-only. This mechanism protects the storage
area against unauthorized restoration.
 Multiple data backup copies
The FusionSphere system stores each piece of data in one or multiple identical copies.
This mechanism ensures data security and service continuity even if the data storage
medium, such as the hard disk, is faulty.

Ltd.
The system performs bit- or byte-based verification for the stored data and evenly
distributes the verification information on each disk in a disk array. Disk arrays save user
data blocks and data verification information on different disks. Therefore, if a data disk
is faulty, the system can rebuild data on the disk using other data blocks in the same data
strip and the verification information.
 SAN coffer technology
If the SAN devices are powered off unexpectedly, the SAN coffer technology is used to
ensure data security and integrity.
With the SAN coffer technology, some areas of several hard disks are specifically used
to store cache data and some system configuration data that are not written to hard disks
due to the power outage. During power failure, internal batteries or external
Uninterruptible Power Systems (UPSs) supply power to enable cached data to be written
to data coffers. After the power is restored, data in the data coffer is written to the cache
for processing.
3.6.5 O&M Management Security

The following threats are exposed to O&M management:
 Fine-grained control of administrator rights is not supported.
 Weak passwords are used and have not been changed for a long period of time, leading
to password theft.
 Malicious behavior of administrators cannot be monitored and backtracked.
FusionSphere takes the following measures to ensure O&M management security:
 Rights- and domain-based management of administrators
Administrators log in to web clients to manage the cloud system, including viewing
resources and provisioning VMs.
The system supports access control over and rights- and domain-based management of
the web client users.
 Account management
To improve system security, change passwords regularly.
The password must meet the following requirements:
− The password must contain at least eight characters.
− The password must contain at least three of the following character types:
 Uppercase letters
 Lowercase letters
 Digits
 Spaces
 Special characters `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
− The password cannot be the username or the username in reverse order.
To ensure password security, you can configure password policies, for example,
specifying the password length, password validity period, and whether special characters
are allowed.
Passwords are not stored in plaintext.
 Log management
Huawei FusionSphere supports the following logs:

Ltd.
− Operation logs
Operation logs record the detailed information about management and maintenance
operations performed by O&M personnel. The information, including the username,
operation type, client IP address, operation time, and operation result, is used by
auditing personnel to periodically check for inappropriate or malicious operations.
The operation logs can be used as operation evidence to address disputes.
− Run logs
Run logs record the information about the running status of each node in the system.
Run logs can be generated based on log levels.
Run log information includes the log level, thread name, and running information. By
viewing run logs, O&M personnel can learn and analyze the running status of the
system to detect and handle exceptions in a timely manner.
− Black box logs
Black box logs record information about severe system faults and are used to locate
and handle faults. The system transfers black box logs generated for computing nodes
to the log server, and saves black box logs generated for management nodes and
storage nodes in local directories.
3.7 (Optional) Backup Plan Design

This section describes the eBackup backup plan delivered with the FusionSphere Advanced
Edition or Platinum Edition (Operation Edition for carriers). If customers require the
deduplication and VMware backup capabilities, they need to separately purchase the license
for the eBackup advanced features. If customers agree to use the eBackup backup function,
retain this section. If customers need to use their own backup software or devices or do not
use the backup function, delete this section.
3.7.1 eBackup Backup Plan Overview

Figure 1.14 illustrates the backup mechanism of eBackup VMs in the eBackup plan.

Ltd.
Figure 1.14 Backup mechanism of eBackup VMs
The eBackup VM backup plan uses Huawei eBackup backup servers, the FusionCompute
snapshot function, and the Changed Block Tracking (CBT) function to back up VM data. By
collaborating with FusionCompute, the eBackup software backs up data of a specified VM or
a VM volume based on the configured backup policies. If a VM becomes faulty or its data is
lost, the VM can be restored using the backup data. The data can be backed up to an external
SAN or NAS storage device.
The eBackup VM backup plan delivers the following characteristics:
 No backup agent needs to be installed on the VM to be backed up.
 VM data can be backed up regardless of whether the VM is in the running or stopped
state.
 Backup and restoration can be performed for VMs using different storage resources, such
as FusionStorage or virtualized storage resources.
 VM data can be backed up to various storage devices, including external SAN or NAS
storage devices connected to the backup server.
 The eBackup backup plan provides application-consistent backup and recovery by
leveraging Microsoft's Windows Volume Shadow Copy Service (VSS). VSS provides a
consistent interface that allows coordination between user applications that update data
on disks and those that back up applications.
 Multiple backup modes are supported, including full backup, incremental backup, and
batch backup.
− Full backup backs up only valid data.

Ltd.
− Incremental backup backs up only the data blocks that have been changed since the
last backup. Therefore, less data needs to be backed up, reducing VM backup costs
and minimizing the backup window.
 Data backups can be used to restore entire VMs or VM disks on the original or specified
VMs one by one or in batches. To restore a new entire VM, ensure that the new VM is
created on FusionCompute. Otherwise, the restoration fails. The VM created on
FusionManager or on the desktop cloud cannot be restored using the data backup.
 Multiple VM restoration modes are supported, including VM image-based restoration,
incremental data-based restoration, and fine-grained file-level OS restoration.
− When a VM image is used to restore a VM, the data to be restored is all data in a full
backup.
− Incremental VM data can only be used to restore VMs that use virtualized storage
resources. When the incremental backup data is used to restore the original VM, the
CBT function is used and only data blocks changed since the last backup need to be
restored, thereby implementing quick restoration.
− Fine-grained file-level restoration restores only some files or directories in a disk,
instead of restoring the entire disk. Therefore, the fine-grained file-level restoration is
the fastest and most effective restoration modes.
 When virtualized storage is used at the production site, multiple backup data
transmission modes are supported, including LAN, LAN SSL, and SAN (or LAN-free).
The LAN SSL encryption transmission mode secures the backup data, and the SAN (or
LAN-free) transmission mode improves backup and restoration performance and reduces
performance penalty on production servers. If FusionStorage is used at the production
site, the internal storage network is used for backup. Therefore, the backup data has no
security risks.
 eBackup supports flexible backup policies.
− Allows users to configure differentiated backup policies for VMs or VM groups.
− Allows users to select the VMs to be backed up by selecting a container, such as a
cluster, in the hypervisor, and then automatically discovers new VMs in the selected
container during the data backup.
− Supports multiple backup modes, including full backup and incremental backup.
− Supports deduplication and compression of backup data.
− Allows users to configure the data backup retention duration and automatic deletion
of expired data.
− Allows users to set backup policy priorities.
 eBackup supports concurrent backup and restoration. One backup agent supports up to
40 concurrent tasks.
 VM disks can be backed up and restored across FusionCompute sites.
 The eBackup backup plan employs the distributed architecture that blends backup
servers and backup agents. One backup server manages up to 64 backup agents. The
backup servers can also function as backup agents. Therefore, no additional backup
agent servers are required. Both backup servers and the backup agents can be centrally
managed using a browser. It is recommended that each backup agent backs up data for
200 VMs. You can add backup agents based on the VM scale. A maximum of 10,000
backup agents are supported.
 The eBackup backup plan delivers high reliability.
− If a backup agent fails, its services are distributed to other backup agents.
− The eBackup backup system supports self-recovery in the disaster scenarios, for
example, the OS, host, or storage is damaged.

Ltd.
 The eBackup backup plan supports easy management and maintenance.

− The backup system can be deployed on VMs using templates or on physical servers.
− The eBackup backup system supports centralized backup, restoration, and system
management using the GUI or command-line interface (CLI), which is easy and
straightforward for users to perform operations.
The VM backup plan applies to the following scenarios:
 Server consolidation, data center virtualization, FusionCube, and desktop cloud.
 Storage resources at the production site are provided by FusionStorage or virtualized
SAN devices, NAS devices, or local disks.
3.7.2 Backup Capacity Design

//(Delete this sentence before delivering the document to customers.) Customize the following
content in blue based on actual conditions of the project.
The eBackup software supports SAN and NAS storage as the backup media. When the project
requires more than 1000 VMs to be backed up, use the NAS storage, which delivers sound
scalability and provides high storage capacity. When the project requires less than 1000 VMs
to be backed up, use the SAN storage.
The storage space required for backing up the eBackup database is 50 GB. The storage space
required for user VM backup data is the backup data size of all VMs within the backup data
retention duration. If data deduplication is enabled, the storage space required for backup
decreases by about 20%. You must reserve 20% of the total storage space for redundancy.
The total storage capacity can be calculated as follows:
 Number of VMs to be backed up: N
 Disk space of a single VM: A GB
 Daily incremental data volume: B GB
 Full backup interval: P
 Incremental backup interval: Q
 Retention duration: R days
If data deduplication is disabled:
Total storage capacity = {[A x (R/P + 1) + B x R/Q] x N + 50} x 120%
where
If the full backup is implemented for the first time, and follow-up backup tasks are all
conducted in incremental backup mode, the R/P value is counted as 0.
If data deduplication is enabled:
Total storage capacity = [(A + B x R/Q) x N x 80% + 50] x 120%
In this project, data deduplication is disabled. Therefore, the first formula is used to calculate
the storage capacity.
The CBT files and snapshot data generated during eBackup running needs to consume some
space of the main storage. The space used by CBT and incremental snapshots must be in the
same LUN as the VMs to be backed up. To ensure the availability of the space, arrange the
VMs in the same LUN during storage planning. You also need to reserve some space (10%

Ltd.
recommended) of the main storage for VM backup. If the backup fails due to insufficient
space of the main storage, migrate some VMs away to release space.
Table 14.1 lists the planned capacity of the backup system.
Table 14.1 Capacity planning of the backup system

Service Backup Initial Estimated Full Incremental Retention Data
Host Object Source Incremental Backup Backup Duration Volume of
Name Data Data Interval Interval (Day) Backup
Volume Volume (Day) (Day) Medium
(GB) (GB) (GB)
LIGDB System 20 0.5 Weekly Daily One week 47

volume
Data 60 1 Monthly Daily One month 180
volume
3.8 (Optional) Heterogeneous Hypervisor Management

If the VMware hypervisor is not connected, delete this section.
In this project, virtual resource pools are provided by Huawei FusionCompute and VMware
vSphere. OpenStack manages the cloud platform and hardware devices and interworks with
third-party systems using its northbound APIs to implement O&M management. In addition,
FusionManager provides northbound APIs and SNMP interfaces for interworking with third-
party gateways to implement unified O&M management.

Ltd.
3.9 (Optional) Multi-Data-Center Management

If the customer does not have multiple data centers deployed, delete this section.
One cascading OpenStack can manage one or multiple data centers. One data center contains
one or multiple cascaded OpenStack systems, each of which is considered as an availability
zone (AZ).
The cascading OpenStack system needs to manage multiple cascaded OpenStack systems.
VMs, volumes, and network resources are all running at the cascaded layer. The cloud
platform provides services using RESTful APIs of the cascading OpenStack system. RESTful
APIs allow cascaded OpenStack systems, especially those at the geographically scattered
sites, to be integrated across internal networks or even the Internet.
Each cascaded OpenStack serves as an AZ and provides the CLI and RESTful APIs for
management. The fault of any cascaded OpenStack system does not adversely affect the
services of other cascaded OpenStack systems and the cascading OpenStack system. In
addition, even if the cascading OpenStack system fails, resources of the cascaded OpenStack
systems are still running and can be managed using local OpenStack APIs. Therefore, the
OpenStack cascading mechanism helps to set up always-online, manageable HA cloud
services.
In a word, OpenStack cascading implements multi-data-center management and significantly
simplifies the integration process.

Ltd.
XXX Cloud Data Center SolutionTechnical Proposal Configuration ListConfiguration List
4 Configuration List
This chapter lists the hardware and software devices provided by Huawei for this project.
Customize the content based on the project.
Table 14.2 is an example of the configuration list for the hardware and software devices
provided by Huawei for the cloud data center project.
Table 14.2 Configuration list for the cloud data center project
No. Device Specifications Quantity Remarks
1 Cabinet Standard cabinet: 46 U, 2200 mm x 600 1

mm x 1200 mm (H x W x D)
2 Resource RH2288V2 server: CNA (2 x E5 2620 6
server CPUs, 9 x 8 GB memory, 2 x 1000 GB
SATA disks, 4 x GE NICs, and 1 x RAID
card 2308)
3 Managem RH2288V2 server: MCNA (2 x E5 2620 1
ent server CPUs, 9 x 8 GB memory, 2 x 1000 GB
SATA disks, 4 x GE NICs, and 1 x RAID
card 2308)
4 Storage OceanStor S5300 V3 controller enclosure 1
(2 U, dual controller, AC, 32 GB cache, 8
x GE NICs, 25 x 2.5-inch disks,
SPE33C0225)
OceanStor DAE22525U2 disk enclosure 2
(2 U, AC, 2.5-inch disks, expansion
module, 25 disks, without disk units)
600 GB 10,000 RPM SAS hard disk (2.5- 75
inch)
5 Access S5700-52C-EI LAN switch (48 2
switch 10/100/1000 Base-T RJ45 ports, two
10GE SFP+uplink port, including
stacking cards)

Ltd.
XXX Cloud Data Center SolutionTechnical Proposal Configuration ListConfiguration List
No. Device Specifications Quantity Remarks
6 Cloud FusionSphere Enterprise Edition 14

platform V100R005 (per CPU)
software

Ltd.

Huawei FusionSphere 5.1 Technical Proposal Template (Cloud Data Center)

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Huawei FusionSphere 5.1 Technical Proposal Template (Cloud Data Center)

Uploaded by

Copyright:

Available Formats

XXX Cloud Data Center Solution

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 01 (2015-05-19) Huawei Proprietary and Confidential i

About This Document

2015-05-19 1.0 This issue is the first Li Houqing

Issue 01 (2015-05-19) Huawei Proprietary and Confidential ii

About This Document....................................................................................................................ii

2 Overall Solution Design..............................................................................................................6

3 Detailed Design of the Cloud Data Center Construction Plan............................................9

Issue 01 (2015-05-19) Huawei Proprietary and Confidential iii

3.3.3 Server Quantity Planning..........................................................................................................................................22

Issue 01 (2015-05-19) Huawei Proprietary and Confidential iv

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 1

Government construction. During e-Government development, various outstanding problems

1.2 Risks and Challenges

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 2

1.3 Project Requirements

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 3

 Implement pooled management and on-demand allocation of physical and virtual

1.4 Project Objectives

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 4

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 5

2 Overall Solution Design

2.1 Design Principles

2.1.2 Centralized Platform

2.1.3 Existing System Consolidation and New System

2.1.4 Cutting-Edge and Sophisticated Technologies

2.1.5 High Reliability

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 6

2.1.7 Flexibility and Scalability

2.2 Overall Solution Architecture

Figure 1.1 Overall architecture of the cloud data center

The cloud data center consists of the following functional areas:

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 7

2.2.2 Solution Highlights

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 8

3 Detailed Design of the Cloud Data Center

3.1 Design of the Cloud Data Center Networking Plan

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 9

Figure 1.2 Overall networking plan for a single data center

The entire network is divided into three layers:

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 10

− Management plane: It transmits communication traffic for such functions as system

3.1.2 (Optional) E9000 Server+FusionStorage Networking

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 11

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 12

3.1.3 (Optional) Server+SAN Storage Networking Plan

Figure 1.4 Storage network plane diagram

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 13

3.1.4 Network Configuration

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 14

3.2 Cloud Platform System Design

Figure 1.5 Huawei cloud platform architecture

Huawei FusionSphere OpenStack is an enterprise-level OpenStack distribution that is

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 15

Huawei cloud platform consists of the following management nodes:

Figure 1.6 Services and nodes in the FusionSphere OpenStack solution

Services and nodes shown in this figure are as follows:

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 16

3.2.2 Resource Management and Monitoring

Issue 01 (2015-05-19) Huawei Proprietary and Confidential 17

Figure 1.7 FusionManager position in the solution