An import issue to adress in a private cloud setup is setup of HA «high availability». There a multiple key components that make up a cloud service, and all of the core components need to have HA because if one of the core components go down, your cloud goes down. C
The network must be designed properly in order to address the traffic the cloud service will generate. For instance if you have a big service like Facebook or Linkedin you need to have a proper network design in place to be sure that the solution won’t «kneel» on the first day because of the traffic. (Either it is regular requests to the site or because of an DDOS attack)
And as a part of that design you need ADC.
Of course when you connect to a public service like facebook.com you don’t go directly to a webserver. A typical deployment for a service (with HA would look like this)
End-user ————–> Internet ———-> Firewall -> ADC -> Pool of web servers.
An ADC can be described as an next generation load balancers.
They include features such as, compression, caching, ssl offloading, content switching and load balacing. There are of course other options as well (Some are different for each product, but these are the common criteria for an ADC)
The largest ADC products in the market are F5 BIG-IP and Citrix Netscaler.
(According to Gartner 2010)
And many of the largest web companies in the world use Netscaler or BIG-IP ADC’s
Like Facebook, Bank of America uses BIG-IP according to netcraft.com and sites like Visa use Netscaler.
(Of course if you wish to try out some of the features in these products, both of them offers virtual appliances that can be run within a hypervisor with some limitations)
F5 also has a nifty flash to show many of the features within a ADC and how they work -> http://www.f5.com/flash/product-demo/
But back to the cloud, when deploying new services in the cloud you can automate much of this with SCVMM 2012 out-of-the-box.
* Automate the deployment of new service.
* Installing the operating system / applying security updates on a virtual machine
* Installing the application or server roles (Terminal server / web server )
* Configure which users have access to the service, so on and so forth.
But of course this will only get you so far, if you have an ADC between your firewall (Which is connected to the internet) and your infrastructure you would need to make some settings on the ADC as well in order to deploy the service properly.
Microsoft has seen the value of working together with the ADC vendors, and because of this you can integrate your ADC’s into SCVMM and with it fully automate your service deployment. As of today there are 3 «connectors» avaliable.
BIG-IP -> https://devcentral.f5.com/tabid/1082224/Default.aspx?returnurl=%2fLinkClick.aspx%3flink%3dhttp%3a%2f%2fdevcentral.f5.com%2fdownloads%2fplugins%2fF5LoadBalancerPowerShellSetup-214-x64.zip%26tabid%3d73%26mid%3d3221
Citrix Netscaler -> http://community.citrix.com/display/ns/Citrix+NetScaler+LB+Provider+for+Microsoft+System+Center+Virtual+Machine+Manager+2012
Brocade -> http://www.brocade.com/partnerships/technology-alliance-partners/partner-details/microsoft/microsoft-systems-center/index.page
Im going to walk trough the deployment of Netscaler connector within SCVMM 2012. And how you can further use this when creating templates.
First of install the connector from the site. Click next, next and install.
After you have installed the connector you need to restart the virtual machine service.
(Just open it from services.msc)
Then it should appear under Configuration Providers
Before we can use it, we need to add it as a Load balancer,
From there you need to create a runas account which has access to the netscaler, and has access add LB rules.
Then you need to choose which host group this LB will be active for, then choose the manufacturer and model.
Then enter the IP address and port for the Netscaler device.
Now under Provider we check if the system has access to the device.
The system will try to perform basic functions on the device like
* Retrieve LBsysteminfo
* Open LBConnection
* Close LBConnection
* Retrieve LBknownVIP
* And so on..
Afther that is complete you can click complete. Now that the Load Balancer is in place and is configured correctly with access we must create a VIP template.
A VIP template contains a configuration setting for a hardware load-balancer for a specific type of network traffic. For instance, you could create a template that specifies the load balancing behavior for HTTPS traffic on a specific load balancer.
In this example we are going to create a VIP template for https traffic where the SSL is going to be terminated at the load-balancer
So give the template a name and define what the VIP port is going to be (since https is over port 443 I enter that)
Next I choose what type of load-balancer I wish to use
Click next, now we have to define which Protocol we are going to load-balance, and if we wish to terminate the https connection at the load-balancers.
We also need to enter a Certificate subject name here. For instance C=US,ST=WA,L=Redmond,O=Contoso,OU=Test,CN=www.contoso.com/emailAddressemail@example.com.
Here we change the settings for Persistance, for instance if someone has the SSL session ID of = 12325345345 and has visited WEBSERV1 before then the user be routed back to that server.
Click next –>
Now we choose what kind of Load balancing method we are going to use, im going to stick with «Least Connections” since my web servers are equal in terms of hardware.
And last but not least Health Monitors.
Health monitors are in place to check if the servers in the back actually are alive and responding.
You can for instance add a GET / in the request box and type 200 under reponse (Which is the status for OK in HTTP) and the device will perform a HTTP GET on each server so see if they are alive and well.
Click next then finish!
After this is done you can use this template in any service template deployment (I will get back to that in a later post)