
Migrating business critical applications to the cloud: VMware tools overview

According to Gartner, the fastest-growing segment of the cloud services market is IaaS: in 2017 it will grow by 36% and reach 34.6 billion dollars. This suggests that, despite the myths about cloud insecurity, the number of IaaS users is steadily increasing, and more and more companies entrust critical infrastructure to providers.

In this article, we will look at what business critical applications are and which tools help to run them in the provider's cloud.


/ Flickr / masa_0202 / CC

What is a business critical application


Business critical applications (BCA) are applications that a company cannot operate without. They perform key process maintenance and customer service tasks. BCAs range from small business tools to large platforms, and they are built both by the company's own developers and by third parties.

For example, a bank transaction processing application is a BCA: if it fails, the financial institution loses money. An airline ticket booking system is also a critical service, because the airline loses customers when it does not work correctly.

Thus, if a business-critical application fails, the organization faces negative consequences: it bears financial losses, loses customer confidence, and sees a decline in worker productivity.

However, it is important to understand that the same application can have a different degree of importance from one company to another. This is influenced by the laws of a particular country, the individual characteristics of the organization, the state of the competitive market, and so on. Therefore, it is necessary to determine in advance which applications belong to the BCA category and to work out a security strategy.

Unwillingness to move


Despite the proliferation of cloud technologies and the growth of the market, there are still company executives who do not trust virtualization. Moving BCA to the cloud is “hampered” by doubts about security and performance. However, here you just need to follow a number of rules.

When moving to a cloud platform, compare the performance requirements of your systems with the figures that the cloud provider guarantees. Next, make sure that you have the necessary protection against failures at the level of the data center and of individual hardware components. It is also worth planning the order in which applications are transferred, to minimize downtime.

To support the transition, the community has developed best practices (as well as a list of tips and recommendations) designed to help companies decide on the sequence of actions. The provider's technical support also helps with this.

Another problem is distrust of the cloud provider. Here the main thing is to choose the partner carefully. Check that the data center has a UTI Operational Sustainability certificate for the stated level of reliability. Also inspect the machine rooms and technical rooms yourself: if you are refused, then the characteristics indicated in the agreement are probably not true.


/ Flickr / Yutaka Tsutano / CC

VMware Tools


Virtualization of business critical services is a step that allows you to increase the flexibility and performance of applications, as well as get protection from disasters.

Cloud infrastructure is based on proven technology. For example, VMware vSphere virtualization systems are often used in IaaS. Their solutions have evolved and improved over the years, so we can assume that they are highly reliable. Next, we look at the components of this environment that help with the transfer of business-critical applications, as well as guarantee their performance and security in the cloud.

vSphere 6.5

The vSphere hypervisor consolidates software and licenses and supports legacy operating systems and applications on new hardware. The solution also allows you to test business critical applications. To do this, the entire production environment is copied, and experiments are carried out on its copies.

To protect data, vSphere offers encryption of virtual disks at the VM level, which prevents unauthorized access. The encryption is performed regardless of the operating system.

Infrastructure security is provided by Secure Boot and Enhanced VIB. They prevent changing system images and loading unauthorized components. Secure access is provided by means of multi-factor authentication and role-based access control.

The solution also provides an improved logging system: the system not only reports that changes have been made, but also says exactly what changes were made. This helps to make smarter decisions based on more data.

All the features of VMware vSphere 6.5 can be found at the link. Read more about the protection of information on the platform here.

vMotion

vMotion is a vSphere function that transfers a running VM with a BCA to a new node. This eliminates system downtime and preserves network and connection settings.

vMotion also encrypts the data during the transfer. Encryption occurs at the VM level. When a virtual machine migrates, the tool randomly generates a one-time 256-bit key and a 64-bit number. Both of these values are sent to the hosts, which keeps the data protected even if the channel is being eavesdropped on.
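The following is an added example, not code from the original article or from VMware: a Python check over a constructed inventory export that flags business-critical VMs whose vMotion traffic or VM files are not guaranteed to be encrypted. The field names `migrateEncryption` and `keyId` follow the vSphere API's VM configuration properties; the `bca` tag, the VM names and the simplified string form of `keyId` are assumptions made for the illustration.

```python
import json

# Constructed sample export. Field names follow vSphere API VM config
# properties (migrateEncryption, keyId); "bca" is a hypothetical local tag
# and keyId is simplified to a string for this illustration.
INVENTORY = json.loads("""[
  {"name": "pay-db01",   "bca": true,  "migrateEncryption": "required",      "keyId": "kms1/7f3a"},
  {"name": "booking01",  "bca": true,  "migrateEncryption": "opportunistic", "keyId": null},
  {"name": "booking02",  "bca": true,  "migrateEncryption": "disabled",      "keyId": null},
  {"name": "crm-legacy", "bca": true,  "keyId": null},
  {"name": "test-web",   "bca": false, "migrateEncryption": "disabled",      "keyId": null}
]""")

def audit_vm(vm):
    """Return a list of findings for one VM record."""
    findings = []
    mode = vm.get("migrateEncryption")
    if mode is None:
        findings.append("migrateEncryption missing from export; cannot verify")
    elif mode == "disabled":
        findings.append("vMotion traffic is sent unencrypted")
    elif mode == "opportunistic":
        findings.append("encrypted vMotion falls back to plaintext if a host lacks support")
    elif mode != "required":
        findings.append(f"unknown migrateEncryption value {mode!r}")
    if not vm.get("keyId"):
        findings.append("VM files are not encrypted at rest (no keyId)")
    return findings

def audit(inventory, only_bca=True):
    """Map VM name -> findings, for VMs that have at least one finding."""
    report = {}
    for vm in inventory:
        if only_bca and not vm.get("bca"):
            continue
        findings = audit_vm(vm)
        if findings:
            report[vm["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

The "opportunistic" case is the one worth watching: the migration succeeds either way, so nothing fails visibly when the traffic goes out unencrypted.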

vSphere High Availability

High Availability (HA) protects business critical applications without changing software. This component monitors the "health" of servers and, if it finds problems, automatically restarts the VM on other machines in the cluster. This minimizes equipment downtime.

DRS

DRS clusters ESXi nodes and balances their load. This allows you to efficiently use computing resources and migrate VMs between hosts while the service is running.

If DRS finds a physical server with a small load, the system powers it off and informs the administrator about the excess power consumption. To identify such servers, the system examines the load on the CPU and RAM.

DRS evaluates both the physical hosts and the virtual machines running on them. This is necessary in order to set priorities correctly in emergency situations: the system will migrate business-critical applications first. All this is done without disrupting the normal operation of services.

Storage I/O Control (SIOC)

SIOC acts as a load balancer in the storage system for the VMs and ensures that no single host takes over the entire channel. It is activated at the moment when the virtual machines begin to "compete" with each other for access to the data.

Network I/O Control

This tool resembles SIOC, only it acts as an arbiter when the struggle for bandwidth between virtual machines begins. That is, Network I/O Control regulates the distribution of network resources.

Hot Add / Hot Plug

Using these options, the client adds computing power to virtual machines (including those running business critical applications) without shutting them down. The algorithm for activating this functionality can be found here.

Fault Tolerance

Fault Tolerance protects VMs with business critical applications using continuous availability clusters. If the primary host fails, all of its VMs are immediately switched over to their copies located on another ESXi server. This minimizes downtime.

vSphere FT replicates a running virtual machine from one ESXi server to another. Each replica has its own VM files: VMDK and VMX. The first transfer, after FT activation, occurs using vSphere Storage vMotion. Next, vSphere FT duplicates VMDK writes between the primary and secondary virtual machines over the network.

When an error occurs on a physical server, VMware HA automatically restarts the failed VM on another host. The state of the machine, the network and all connections is restored to match the "original" VM.

In general, the variety of VMware tools allows you to protect BCAs and simplify their management in the provider’s cloud. Solutions from the vendor guarantee the reliability of critical services, giving the company the opportunity to focus on developing its own product.




Source: https://habr.com/ru/post/339614/

