
4.4 Network Architecture for Hybrid Cloud Deployments

Hybrid clouds play a key role in the adoption of cloud computing as the new generation IT paradigm. While the IT industry and the research community are still in

78 G. Lin and M. Devine

[Fig. 4.4 A functional view of network architecture for hybrid clouds. The labels that survive from the figure show a Private Cloud and a Public Cloud, each with a Cloud-in-a-box, a Data Center Core Switch and a Network Service Node (Fire Wall, Load Balancer, WAN Accelerator, Service Control), joined by a Data Center Interconnect Transport Network, together with a Cloud Management System and its Standard Management Interfaces.]

number of major functional components in the hybrid cloud network architecture have been identified. Figure 4.4 shows a functional view of the network architecture for hybrid clouds.

4.4.1 Cloud-in-a-Box

As large enterprises start to build their own private clouds and further expand them into hybrid clouds, a significant need is to simplify the design, deployment, and management of clouds. The traditional data center deployment model of having separated physical devices focusing on server units, networking units, and storage units presents a significant challenge. A new trend in the design and deployment of private and hybrid clouds is the concept of “cloud-in-a-box.”

A cloud-in-a-box, sometimes also called a cloud cell, is a pre-integrated, pre-packaged and self-contained service delivery platform that can be used easily and quickly to implement private cloud centers. Physically, it is typically delivered in a single chassis containing multiple blades; some blades are computing units, some switching units, and some storage units. They are interconnected by a combination of a common backplane (e.g. a PCI-type backplane) and high-speed converged Ethernet connections (e.g. 10G FCoE). From the networking perspective, the switches that are pre-integrated into a cloud-in-a-box are typically the access layer switches.

4 The Role of Networks in Cloud Computing 79

Software-wise, a common hypervisor environment typically extends across the computing units, the networking units, and the storage units in a cloud-in-a-box device. From the networking perspective, this requires a virtual Ethernet switch to be embedded in the hypervisor. In the VMware environment, VMware's vNetwork Distributed Switch and Cisco's Nexus 1000v virtual switch are the two well-known examples of hypervisor-embedded virtual Ethernet switches. On top of the common virtualization layer, a service management application is typically included to allow the management and automation of cloud service provisioning, accounting and billing, security, dynamic resource reallocation and workload mobility. Furthermore, some of today's purpose-built cloud-in-a-box platforms also include a cloud service application to offer the specific cloud service. For example, a development-and-test oriented cloud-in-a-box platform may pre-integrate and pre-package a cloud-ready Integrated Development Environment (IDE) as part of the product.

At the time this chapter is written, there are a number of cloud-in-a-box products offered in the industry. See (VCEC, 2009; IBM Corporation, 2009) for further information.

4.4.2 Network Service Node

Layer 4 network services play an important role in the network architecture for hybrid clouds. Application firewalls ensure the secure transport of user data and application workloads between the data centers in a hybrid cloud; server load balancers ensure that workloads are distributed evenly, or according to operations policies, both within a single data center and across multiple data centers; WAN accelerators provide WAN optimization that accelerates the targeted cloud workloads over the WAN and ensures a transparent user experience regardless of where the applications reside.

While these Layer 4 services exist in today's data center environments, the proliferation of server virtualization in the cloud delivery model has created a significant challenge to the traditional network service architecture, as the Layer 4 services now need to be virtualization aware.

Visibility into virtual machine activity and isolation of server traffic become more difficult when virtual machine-sourced traffic can reach other virtual machines both within the same server and across the data center network and the data center interconnect network. In the traditional access model, each physical server is connected to an access port. Any communication to and from a particular server, or between servers, goes through a physical access switch and any associated services such as a firewall or a load balancer. But what happens when applications now reside on virtual machines and multiple virtual machines reside within the same physical server? It might not be necessary for traffic to leave the physical server and pass through a physical access switch for one virtual machine to communicate with another. On the other hand, an application residing in a virtual machine can be "moved" to another data center for load balancing. How can the WAN accelerator be made to recognize an application residing within a virtual machine and optimize the WAN treatment for that virtual machine? Enforcing network policies in this type of environment can be a significant challenge.

A network service node is a logical or a physical unit that provides the Layer 4 network services to support cloud service deployment. The goal remains to provide many of the same network services and features used in the traditional access layer in the new virtualization-aware access layer. We believe this will be a fertile area for future research.

4.4.3 Data Center Network and Data Center Interconnect Network

The data center network and the data center interconnect network have been described earlier. Due to the length limitation of this chapter, we shall not expand beyond what has been described in Sections 4.2.4.1 and 4.2.4.2.

4.4.4 Management of the Network Architecture

Management of the network architecture in a hybrid cloud is part of the overall cloud management system. Key topics include the "physical" system management of the network infrastructure in the hybrid cloud and the "virtualization" management aspect that spans the entire network path, starting from the virtual Ethernet switch embedded in the hypervisor, through the access and core switches in the data center network, and across the data center interconnect network, as well as the network service modules along the network path.

Virtualization brings a new dimension to the management architecture. Similar to traditional "physical" system management, network virtualization management needs to dynamically provision, monitor and manage end-to-end network resources and services between virtual machines in a cloud environment. In this context, a way to express workloads, network resources and operation policies in a virtualization-aware but hypervisor-independent manner is the first step. Readers interested in more details in this area can start from DMTFb (2009). Once this is achieved, algorithms and systems can be developed to derive the network configurations and resource allocation from the requirements of the virtual machine workloads. As with "physical" system management, interoperability between the systems (e.g. between the management system and the network, and between management systems) is an important requirement. For this purpose, common standards, open interfaces and a common data model (management information model) are key. Currently this is still a loosely coordinated area in which a number of standards bodies, including the Distributed Management Task Force (DMTF), the Object Management Group (OMG), the Open Grid Forum (OGF), etc., are working on various "standards" for cloud management. This is an area that needs more effort to mature. Interested readers can start from DMTFa and Cloud Standards Coordination, http://cloud-standards.org.
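As an added illustration of the derivation step described above (this is not code from the chapter, nor any DMTF data model), the following Python sketch takes a constructed, hypervisor-independent workload description and derives the firewall, load balancer and WAN accelerator configuration of each site's network service node, then shows the policy following a virtual machine when it is moved to the other data center, the mobility case raised in Section 4.4.2. The descriptor keys, tier names, pool names and port numbers are assumed sample values.

```python
"""Derive per-site network service node configuration from a
hypervisor-independent workload description (added illustration;
the descriptor format is a constructed stand-in, not a standard)."""
from dataclasses import dataclass, field

# Constructed sample descriptors: each workload states what it is and which
# policies apply, with no reference to a hypervisor or a physical switch.
WORKLOADS = [
    {"vm": "web-1", "tier": "web", "site": "private", "pool": "web-lb", "wan_opt": True},
    {"vm": "web-2", "tier": "web", "site": "public",  "pool": "web-lb", "wan_opt": True},
    {"vm": "db-1",  "tier": "db",  "site": "private", "pool": None,     "wan_opt": False},
]
# Constructed operation policy: (source tier, destination tier, TCP port).
# Anything not listed here is implicitly denied by the derived firewall.
ALLOWED_FLOWS = [("web", "db", 5432)]


@dataclass
class SiteConfig:
    """Configuration pushed to one site's network service node."""
    firewall_rules: list = field(default_factory=list)  # (src_vm, dst_vm, port)
    lb_pools: dict = field(default_factory=dict)         # pool name -> [vm]
    wan_accel: list = field(default_factory=list)        # VMs tagged for WAN optimization


def derive(workloads, flows):
    """Translate workload descriptors and policy into concrete per-site config."""
    sites = {}
    for w in workloads:
        cfg = sites.setdefault(w["site"], SiteConfig())
        if w["pool"]:
            cfg.lb_pools.setdefault(w["pool"], []).append(w["vm"])
        if w["wan_opt"]:
            cfg.wan_accel.append(w["vm"])
    # Firewall rules are installed at the destination's site, so they keep
    # applying when the source VM lives in the other data center.
    for src_tier, dst_tier, port in flows:
        for dst in (w for w in workloads if w["tier"] == dst_tier):
            for src in (w for w in workloads if w["tier"] == src_tier):
                sites[dst["site"]].firewall_rules.append((src["vm"], dst["vm"], port))
    return sites


def migrate(workloads, vm, new_site):
    """Workload mobility: relocate one VM; its policy is re-derived, not re-typed."""
    return [dict(w, site=new_site) if w["vm"] == vm else w for w in workloads]


if __name__ == "__main__":
    for name, cfg in derive(migrate(WORKLOADS, "db-1", "public"), ALLOWED_FLOWS).items():
        print(name, cfg)
```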
