Red Hat + Lenovo: the structure of the resource management system in the Government of the Moscow Region

Hi, Habr! Today we will tell a little story about how you can conveniently and efficiently manage resource allocation processes. And, by a good tradition, we will do it on a real example, which is Russian again and again connected with government structures. This time, however, let's talk not about tenders, but about software solutions.

So, the project customer was the Moscow Region Government. The conditions at the start were the following: one small group of administrators was responsible for the entire IT infrastructure, served all government agencies and ensured the operation of all automated systems. In total, it was necessary to work with more than four dozen departments, from which requests for resource allocation constantly come. At some point, it became clear that it was difficult for technicians to handle the load, it was necessary to come up with a good solution that would not only reduce this load, but also allow for more efficient management of the available capacities.

The customer knew right away that only one virtualization environment would be used - they stopped at VMware. However, several data centers were located in different geographic locations under the independent management of different servers. In addition to the need to put all this together at the software level, there were four main tasks:

1. Users must request resources in the self-service system.
2. Specialists of state authorities and contractors must deploy the necessary servers within the allocated resources.
3. A role model of access to various information systems should be used.
4. The central IT department should retain the function of control over the principal components of the infrastructure and system performance.

It was possible to solve all these problems using the Red Hat CloudForms platform. The resulting scheme of SUVR work is as follows:

The key feature is that everything is brought to a single decision point. Configurations pass through the Service Desk, second-level support engineers confirm or reject applications, can regulate user requests and at the same time clearly understand what they are doing and why they are doing it, because see detailed statistics. Everything connected with the consumption of resources is absolutely transparent: you can always check whether what you have requested is really used to the maximum and correctly. If not, then there is all the statistics at hand to challenge such operations. There is a strong argument in resolving complex disputes about the performance of various systems.
')
The reporting provided by CloudForms turned out to be quite enough: it is an inventory of machines and applications, analytics of resource consumption and utilization, and the construction of reports on the state of the infrastructure.

Users have their own interface with a certain set of simple functions, with the help of which you can form your virtual machines and assign certain roles to them. The system does not allow to go beyond the limits of the requested resource pool - to expand, the employee responsible for the information system must prove that he really needs it.

In addition, the entire infrastructure was template in order to make it easier and more understandable for the implementers who implement the systems to choose blanks for various server roles. Although the ability to install custom ISO images remained. But, if it is necessary to work with the latter, an inspection is first carried out. If it turns out that in the future the system will become unattended, then the allocation is denied.

The case did not go without a system of protection from an angry user. You can not just take and click on the "Delete" button. Such a request is immediately sent to execution in the Service Desk, and deletion can occur only after the administrator confirms the operation.

Also included is native support for Active Directory. To gain access to the system, the user must go through an easy registration process. Since we are talking about the Government of the Moscow Region, the issues of security and internal understanding of who is responsible for what is still very important. There are several pools within which the user can have different statuses. The administrator manages all users, and he does it on his own, without recourse to an IT service, which greatly reduces the workload of a small high-level support team.

At the stage of creating the management console, specialists from the Moscow Region Government turned to VMware for help, but they had to reject the proposal to buy vCloud Director. However, the solution found was very convenient: after all, there was an opportunity to bring virtual machine consoles directly to the browser, using pure HTML 5 and not using third-party plugins.

What are the advantages of the created system? Everything is very simple. First, the customer receives the entire set of source codes and therefore can later carry out the entire process of maintenance (or even refinement) independently. Secondly, the Red Hat approach assumes work within the framework of the historically established infrastructure — an add-on is being created over the virtualization system, and the foundation does not change and is not supplemented unless absolutely necessary. And finally, Red Hat CloudForms is a convenient showcase for everyone, which reduces the workload for administrators, provides a clear Russian-language interface to users, does not require several usernames / passwords to be stored in memory, and at the same time provides very detailed information about all processes.

Such a platform can be useful to any large federal state institution with an extensive or geographically distributed IT structure, where resource allocation is required, there are systems like SAP, ERP, etc. Experience shows that, in such cases, in addition to “combat” systems, test environments are also needed.

Also, CloudForms may be of interest to large corporations where there is a VMware farm, which includes more than 50 hosts. Here, most likely, virtualization is also needed, there is a division into production, test and development, and there are significantly fewer people who control the console than those who send them requests.

Statistics on the equipment used by the Government of the Moscow Region as of April 2015 was as follows: SUVR worked with 27 AIS , 2522 vCPU, 3987 GB RAM and 252 TB on the HDD. From our side, we modestly add that a significant part of this equipment is Lenovo servers.

Recently, we expanded our server solutions line: a new generation of System x M5 servers, perfectly suited for working with “big data” and virtualization, has come on the market. For example, the System x3650 M5 supports up to 14 3.5-inch drives for data storage plus two 2.5-inch drives for the operating system and software. If you use LFF drives with a capacity of 6 TB and SFF drives with a capacity of 1.8 TB, you can achieve a total of 87.6 TB.



In the generation of M5 servers, Intel Xeon E5-2600 v3 processors are used, the maximum amount of RAM can reach 1.5 TB, and various disk subsystem acceleration options are supported (SSD drives and PCIe SSD adapters). For additional fault tolerance, the hypervisor can be installed on two internal SD cards assembled into a RAID-1 array. In addition, each of our servers has a failure prediction system (Predictive Failure Analysis, PFA), which automatically monitors the state of the server hardware components: processors, processor power supply module (VRM), memory, disks, fans, and power supplies. A PFA event is a service event and allows you to replace a defective part under warranty. With all these features, the M5 server generation is the ideal platform for building fault-tolerant virtual environments.

According to a recent ITIC study , Lenovo System x servers for the third year in a row have become the most reliable solutions among all x86 servers. Together with the servers, we offer XClarity software , which helps simplify the management of a large cluster through automatic discovery, inventory, and rapid resource allocation.

Virtually all of our current machines today are certified by Red Hat, so you can not worry about the compatibility and performance of the software. In addition, Lenovo has long been working with Red Hat, so that together we can implement projects like the one described above in a fairly short time. At the same time, it is possible to link the Lenovo warranty and Red Hat support into one convenient complex with a validity period of up to 5 years from the date of purchase of the servers and the creation of the IMS. By the way, the scheme indicated at the beginning of the material is, in fact, the basis, which, if necessary, is easy to expand. We can talk about how this is done in other materials, if dear Habr's readers have such interest.

Thanks for attention!