Tip

Building a private cloud: Is the physical network hostile?

Organizations are adopting private cloud with great gusto. According to recent benchmark studies conducted by Nemertes Research, 35% of companies in 2012 will adopt the technology -- a 75% year-over-year increase from

    Requires Free Membership to View

2011. But building a private cloud means offering a whole new model for service delivery from the data center based on virtualization, orchestration, multi-tenancy, provisioning, etc. That will mean learning new techniques that can seem hostile to the physical network as we know it.

At this point, most IT planners are focusing on private Infrastructure as a Service (IaaS) -- or the delivery of dynamic compute, storage and networking to application development teams and business units. 

IT professionals have learned that dynamism is the name of the game in private cloud IaaS. To really be beneficial, the private cloud must offer elastic, self-provisioned, on-demand, multi-tenant pools of shared compute, storage and networking. It is critical to keep these in mind since they apply to all levels of the cloud stack.

Why physical networks don't cut it for the private cloud

The problem is that in today’s data center, some aspects of networking are fundamentally hostile to these private cloud computing concepts. Specifically, the majority of network architectures assume a fixed relationship between device identification and physical address. 

Previously, it was uncommon for virtualization servers and storage to move around the data center. Now virtual machines move for a number of reasons, including load balancing, power management, maintenance and disaster recovery/avoidance. But the underlying network is still very much mired in the ID/location relationship. Just as we’ve broken ID from location in the wireless network, we’ll need to do the same in the data center.

Addressing multi-tenancy in the private cloud

A key characteristic of the cloud is multi-tenancy. In a private data center this means creating distinct virtual networks over a physical network so that human resources and finance, for example, share the same server, storage and network resources. We need controls in place to isolate one tenant from another. This is necessary for business, security and compliance reasons. Most IT shops today depend on the virtual LAN (VLAN) as the core control to provide logic and multi-tenancy in the private cloud. VLANs (802.1q) are effective for multi-tenancy by isolating one department’s virtual servers from another. 

The cloud VLAN challenge

There are a few issues with VLANs, however. First, the maximum number of VLANs is 4,094 -- 4,096 technically. This is probably not an issue for a small data center, but a large data center with thousands of servers will run up against this limit quickly. Second, different hypervisors have limitations on how many hosts may be supported in certain configurations -- high availability, for example -- which drives up the number of VLANs significantly. Third, VLAN management can be complex for network and virtualization admins, particularly in a cloud environment, at scale.

VLANs exist in the physical realm on physical switches and in the virtual realm on virtual switches and they need to match up...exactly. This usually requires close coordination between network and server admins, and often the process of tying a virtual VLAN to a physical VLAN is a manual process. Network administrators say managing more than 100 VLANs is a significant challenge for them.  

The bottom line is that VLANs have served us well, but we need more than the VLAN to support the private cloud. This is because of the limitations listed above as well as the VLAN being too limiting for wide-scale virtual machine motion.

About the author: Ted Ritter is a senior research analyst with Nemertes Research, where he conducts research, advises clients, and delivers strategic seminars. A Certified Information Systems Security Professional (CISSP), Ritter leads Nemertes' research on information stewardship, which includes compliance and the management, access, storage and backup of data.

This was first published in December 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.