1
Symantec Reference Architecture for Business Critical Virtualization
David Troutt Senior Principal Program Manager
Symantec Reference Architecture
11/6/2012
SYMANTEC VISION 2012
Virtualization of Business Critical Applications
2 2
Development and Test IT Owned Services Small Departmental Servers
Business Critical Applications
Mis
sio
n C
riti
cal
Ap
plic
atio
ns
• Easy, department level systems already virtualized
• Next are the “Business Critical Applications”
• They are the last to be done because they are the “crown jewels” of the company
• They must be protected, they must meet SLA’s
Symantec is the Solution.
38% 57% 59%
% of Physical Servers running a Hypervisor
% of OS instances running in a VM
% of Apps running in a VM
1 2 3
Source: VMWare Customer Benchmarking Survey August 2011
Symantec Reference Architecture for Business Critical Virtualization
SYMANTEC VISION 2012
Agenda
Symantec Reference Architecture 3
approach 1
overview 2
technology architecture domains 3
validation 4
conclusion 5
SYMANTEC VISION 2012
approach
Symantec Reference Architecture 4
SYMANTEC VISION 2012
• Organizations are striving to leverage the benefits of virtualization:
– Drive down cost
– Improve business agility through consolidation
– Improve resource utilization
– Benefit from increased automation and efficiency
• Many business critical applications are considered too large, complex, or high risk, concerns center around:
– Meeting enterprise level SLAs (Service Level Agreements) for “up time”
– Maximizing continuity and recovery
– Meeting enterprise level security and governance requirements
– Achieving I/O performance requirements
– Minimizing storage and related resource costs
– Minimizing learning the curve by removing one-off point-solutions
5 Symantec Reference Architecture
Business Challenges
Symantec Reference Architecture
SYMANTEC VISION 2012
Goal:
To remove the barriers to virtualization, and provide proven capabilities to help businesses migrate their critical Microsoft® applications safely to virtual environments, while managing complexity and risk.
Objectives:
• Optimize I/O performance
• Provide business critical levels of availability
• Protect critical servers from security threats
• Reduce infrastructure costs
• Improve operations efficiency
6 Symantec Reference Architecture
Goal & Objectives
Symantec Reference Architecture
SYMANTEC VISION 2012
• Defines optimum configurations that ensure VMware, Microsoft®, and Symantec technologies work together for maximum benefit
• Optimized for large enterprises deploying business critical applications with high transaction rates
• Benefits of virtualization remain intact and improved upon
• Minimizing cost of implementation – Organizations can expand the scope of a specific implementation of the Symantec Reference
Architecture to include multi-instance applications.
• Based on the most current generally available versions of software
7 Symantec Reference Architecture
Key Requirements Driving this Architecture
Symantec Reference Architecture
SYMANTEC VISION 2012
Introducing the Symantec Reference Architecture
• Tested framework
• Meets the business critical application challenges
• A complete solution
• Combines key products from Symantec and VMware
• Enterprise Architecture based on TOGAF Standards
• Off the shelf products, no custom software required, low TCO, easy expansion
• Accelerates the design process, reduces costs & risk, speeds implementation
• Selected resources trained in architecting and implementing this solution
• Hardware platform flexibility (HP, Dell, EMC, etc.)
8
SymRA for Business Critical Virtualization is the blueprint to make it work.
Symantec Reference Architecture for Business Critical Virtualization
SymRA
SYMANTEC VISION 2012
overview
Symantec Reference Architecture 9
SYMANTEC VISION 2012
Common Architecture Overview
10
Hypervisor
Virtual Machine
Application Data
Hypervisor
Virtual Machine
Application Data
Enterprise Dynamic Storage (SAN)
Hypervisor
Virtual Machine
Application Data
SAN/NAS
Enterprise Backup
Enterprise Backup
Off-Site Deduplication
Replication
Clustering Replication
Primary Site Secondary Site
Security & Compliance
Visibility, Audit & Reporting
Operations Management
Users
Business Critical
Application
Symantec Reference Architecture Symantec Reference Architecture
Business Critical
Application
Business Critical
Application
SYMANTEC VISION 2012
Symantec Reference Architectures for Business Critical Virtualization
The Reference Architectures within this series include supporting environments for:
11 Symantec Reference Architecture
Microsoft
applications
on VMware
Security
Archiving
Data
Protection
Storage
Management
High
Availability
SYMANTEC VISION 2012
technology architecture domains
Symantec Reference Architecture 12
SYMANTEC VISION 2012
Requirements to Architecture Segment Mapping
Symantec Reference Architecture for Business Critical Virtualization 13
Concerns High
Availability Segment
Storage Segment
Data Protection Segment
Security Segment
Archiving Segment
I/O Performance
Application Availability
Application Recovery
Application Visibility
Server Security
Infrastructure costs
Management costs
SYMANTEC VISION 2012
Product to Technology Architecture Domain Map Technology /
Product Virtualization
High
Availability
Storage
Management
Data
Protection Security Archiving
ESXi
vCenter
vShield
HA
SRM
SRA Replication
Array-Based
Snapshots
ApplicationHA
Storage Foundation
Veritas Operations
Manager
Veritas Operations
Manager Advanced
Critical System
Protection
NetBackup
Enterprise Vault 1.
Symantec Reference Architecture for Business Critical Virtualization 14
VM
ware
Syman
tec 3
rd P
arty
1. Antivirus recommended for Exchange environment.
SYMANTEC VISION 2012 15
High
Availability
• Protect systems at ALL levels (application through ESXi host and data center)
• Enable quick recovery
• Ensure live migration of complex systems
• Provide consolidated monitoring and report of system status and SLAs
Approach Taken
Products Used
• Implement ApplicationHA on all application virtual machines
• Integrate with VMware’s HA and DR capabilities for local and site level failover
• Apply multi-tier application management and protection
• Provide data center level monitoring and reporting of application SLA’s
• Symantec™ ApplicationHA
• VMware HA
• Veritas™ Operations Manager
• VMware SRM
• SRA (from HP) – Array based Site-to-Site replication
Objectives Achieved
High Availability (& Disaster Recovery)
Symantec Reference Architecture for Business Critical Virtualization
SYMANTEC VISION 2012
Achieving Service Level Agreements
Application
Virtual Server
Physical Server
Data Center
Failure Level Action Taken
Symantec ApplicationHA detects and
then attempts to restart application
services. If services can’t be
restarted Application HA notifies
VMwareHA
VMware HA attempts to restart
virtual server.
ESXi Host is detected as being down
by VMware HA which then moves
applications to an alternate ESXi Host
VMware SRM detects the data center
down, starts applications at DR site.
16 Symantec Reference Architecture for Business Critical Virtualization
High
Availability
SYMANTEC VISION 2012
Managing Availability Across Application Tiers
17
Service Start
Service Stop
Status Summary
Security
High Availability
Disaster Recovery
MS SQL Database
SharePoint App.
Web server
SharePoint
app app app
Symantec ApplicationHA
Symantec ApplicationHA
Symantec ApplicationHA
Veritas
Operations
Manager
USE CASE
Symantec Reference Architecture for Business Critical Virtualization
High
Availability
SYMANTEC VISION 2012 18
18
Primary Site Secondary Site
SRM Server SRM Server
ESXi ESXi ESXi
VMware HA
VM1
OS
VM2
OS
VM3
OS
ESXi ESXi
VMware HA
VM1
OS
EXCH
VM2
OS
SQL
VM3
OS
SP
Resource Mapping
SRM Failover
Non- Replicated
Storage Replicated Storage
ESX Boot Vols
VM Boot Vols
Data Vols
Log Vols
SRM Protection Group
Replicated Storage
ESX Boot Vols
VM Boot Vols
Data Vols
Log Vols
SRM Protection Group Non- Replicated
Storage
Array-based Replication
Disaster Recovery Logical Architecture
EXCH SQL SP
Symantec Reference Architecture for Business Critical Virtualization
High
Availability
SYMANTEC VISION 2012
Storage
Management
• Provide for scalable and optimized I/O performance
• Reduced infrastructure and management costs
• Provide instant recovery via snapshots
• Ensure Disaster Recovery with data integrity
Objectives achieved
Approach taken
Products Used
• Implement thin provisioning/reclamation to provide capacity on demand
• Deploy DMP (SFW) to eliminate single points of failure in the I/O path
• Utilize VOM/VOM Advanced to provide centralized storage management and reporting
• Use snapshots to facilitate instant point in time recovery
• Veritas Storage Foundation™ for Windows® from
Symantec
• Veritas™ Operations Manager
• Veritas™ Operations Manager Advanced
Storage Management
19 Symantec Reference Architecture for Business Critical Virtualization
SYMANTEC VISION 2012
20
VM1
OS
SFW
VM2
OS
SFW
VM3
OS
SFW
Non- Replicated Storage
Replicated Storage
ESX Boot Vols
VM Boot Vols
Data Vols
Log Vols
SRM Protection Group
Storage Management Logical Architecture
SQL EXCH SP
Non- Replicated
Storage
Snap-Shots
Snap-Shots
VMDK Local Storage RDM SAN Shared Storage
Physical Server
VMware ESXi
Symantec Reference Architecture for Business Critical Virtualization
Storage
Management
SYMANTEC VISION 2012 21
Benefits of Choosing Raw Device Mapped Storage
Symantec Reference Architecture for Business Critical Virtualization
• Breaks the 2 TB limit
• I/O Isolation
o Minimize impact on other applications
o More predictable performance
o Separation of application files types (databases, log files, etc.)
• Supports advanced storage mgmt. capabilities (e.g. Thin Provisioning)
• Lower CPU overhead, 5% to 8%
Benefits
Storage
Management
SYMANTEC VISION 2012
Managing and Monitoring Storage VOM and VOM Advanced
22
E N
G I
N E
E R
I N
G
O P
E R
A T
I O
N S
IMPROVE SERVICE LEVELS
• Monitoring, alerting, & built-in
health checks
• Storage capacity planning &
reporting
• Patch reporting & alerting
• File Systems & Volume
Management Information
REDUCE COST AND
COMPLEXITY
• Automated detection &
mapping of virtual guests
and related storage
• Thin-Pool Monitoring &
reclamation reporting
Symantec Operations Readiness Tools
ApplicationHA
STORAGE FOUNDATION
Customer Premises
Veritas Operations Manager
Symantec Reference Architecture for Business Critical Virtualization
Storage
Management
SYMANTEC VISION 2012
Data
Protection
• Enable fast recovery of data in the event of data loss or logical corruption
• Improve performance and scalability by offloading backup processing from application virtual
machines
• Reduce infrastructure and storage costs by eliminating backups of duplicated data
• Allow for recovery of individual objects (files, mailboxes, etc.)
Approach Taken
Products Used
• Use VMware and array-based snapshots for off host backups of OS, applications, and data
• Deploy NetBackup agents on all application virtual machines for granular recovery
• Utilize NetBackup deduplication to minimize storage and network bandwidth requirements
• Deploy Granular Restore Technology (NetBackup GRT) for individual object level restores
• Symantec NetBackup™ Enterprise Server
• Symantec NetBackup™ 5000 and MSDP (Deduplication)
• VMware vStorage APIs for Data Protection (VADP)
• VMware Snapshots
• Array-based Snapshots (from HP)
Objectives Achieved
Data Protection
23 Symantec Reference Architecture for Business Critical Virtualization
SYMANTEC VISION 2012
NetBackup Logical Architecture
Third-Party Storage
Appliance
VMware ESXi Host
NetBackup Media Server
Tape Library
SAN Storage
Tape Library
NetBackup Master Server
NetBackup Dedupe Media Server (MSDP)
SAN Storage
NetBackup Dedupe Appliance SAN Storage
OpsCenter Reporting and Management Server
VM VM VM
Snapshots
NetBackup Client Hosts (Virtual Machines)
Ethernet
24 Symantec Reference Architecture for Business Critical Virtualization
Data
Protection
SYMANTEC VISION 2012
Offhost Backup Using vStorage API and Snapshots
NetBackup Media Server or
Appliance
SAN Storage
ESXi Host
Guest
Application
Snap
Sho
t vStorage API
RDM
SAN/NAS Storage
VMDK Backup Storage
25 Symantec Reference Architecture for Business Critical Virtualization
Data
Protection
SYMANTEC VISION 2012 26
Protecting I/O Performance via Off-host Backups
ESXi Host ESXi Host
NetBackup Media Server or
Appliance
Snapshot
Guest
Application
RDM
SAN Storage
Backup Storage
Guest
RDM
NBU Agent
“Alternate Host”
Shared Storage
NBU Agent
Symantec Reference Architecture for Business Critical Virtualization
Data
Protection
SYMANTEC VISION 2012
Security
• Protect a virtualized environment against intrusion and unauthorized changes
• Protect against network security threats
• Lower security management costs
• Keep security policies relevant to new threats
Approach Taken
Products Used
• Multiple layers of protection
• Utilize Symantec™ Critical System Protection (SCSP) to monitor file systems and processes
for unauthorized changes
• Lockdown system configuration settings, file settings, and use of removable media using SCSP
• Implement VMware vShield App to enforce firewall security policies
• Centralize security administration and management via SCSP
• Implement LiveUpdate™ to keep security policies current
• Symantec™ Critical System Protection, Symantec LiveUpdate™
• VMware vShield App
Objectives Achieved
27
Security
Symantec Reference Architecture for Business Critical Virtualization
SYMANTEC VISION 2012
Security Capability Map by Application
28 Symantec Reference Architecture for Business Critical Virtualization
Functionality Microsoft Applications *
Symantec CSP**
VMware vShield
Access Control to Applications and Data
In Place Data Encryption
Tamper Protection (no unauthorized modification)
SSL Certificate Protection (no unauthorized access)
System Hardening (Prevent 0 day attacks and unauthorized software installation)***
Built in compliance reports
Network Firewall
Hypervisor Level Firewall (Application & System Aware)
* Referring specifically to Microsoft SQL Server, Exchange Server and SharePoint
** Symantec Critical System Protection (SCSP) protects physical & virtual systems. Security groups, policy management, logging, and auditing can cross both physical and virtual environments.
*** SCSP follows best practices for hardening an ESX server from VMware and ensuring your ESX systems settings are set to be secure and remain secure.
Security
SYMANTEC VISION 2012
Hardening Virtual and Physical Systems Efficiently
Physical
Virtual
• Shield critical physical and virtual systems
• Apply Isolation Trust Zones
• Unified Policy and Control
• Key Functions:
• System hardening
• User access control
• Change monitoring/prevention
• Guest isolation
• Network access control
• IPS / IDS
• Log retention
• Removable media control
• User and application behavior control
• File integrity monitoring
29 Symantec Reference Architecture for Business Critical Virtualization
Security
SYMANTEC VISION 2012
Lock Down All of the Virtual Environment with CSP
ESX/ESXi Host
vCenter Server
Datastores
“Datacenter”
“Cluster”
Datastores
vSphere Client vCenter Server
vCenter Database
Threats Rogue Clients
Client Hijacking
Disgruntled Admin
Mis-configurations
SSL certificate
Malware
Unauthorized Access
vSphere Client
X X X X X X X
30 Symantec Reference Architecture for Business Critical Virtualization
Security
SYMANTEC VISION 2012
Archiving
• Offload aging data and duplicated data from infrastructure, optimizing I/O performance
• Reduce cost of Tier 1 storage and related infrastructure
• Provides capability to quickly locate messages and documents for compliance requirements
Approach Taken
Products Used
• Deploy Enterprise Vault to archive Microsoft ® Exchange Server and Microsoft ® SharePoint®
information
• Implement eDiscovery using Discovery Accelerator to allow for quick searches of archived content
• Define expiration policies to remove old messages and content from archive stores
• Symantec Enterprise Vault™
• Symantec Enterprise Vault™ Discovery Accelerator
Objectives Achieved
31
Archiving
Symantec Reference Architecture for Business Critical Virtualization
SYMANTEC VISION 2012 32
Archiving Physical Architecture
Symantec Reference Architecture for Business Critical Virtualization
Archiving
SYMANTEC VISION 2012
validation
Symantec Reference Architecture 33
SYMANTEC VISION 2012
• Testing Methodology
– Focus on Interoperability
– Placed applications under load during functional testing
• Use Cases Tested
– High Availability – Recovery at each tier (Application to Data Center)
– Disaster Recovery
– Data protection
– Thin provisioning / reclamation
– Security
– Reporting / tracking of events
34 Symantec Reference Architecture Symantec Reference Architecture
Validation Approach
Example Test Lab
SYMANTEC VISION 2012
conclusion
Symantec Reference Architecture 35
SYMANTEC VISION 2012
Conclusion
36 Symantec Reference Architecture Symantec Reference Architecture
Symantec’s Reference Architecture solves the problems facing the virtualization of common
Microsoft® business applications.
Improved Availability & Performance
Improved Application & Data Protection
Reduced Infrastructure & Management Costs
SYMANTEC VISION 2012
Next Steps
• Review the associated white paper:
– White Paper: Accelerating Virtualization of Tier 1 Applications
• Schedule a meeting with a Symantec technical sales specialist to discuss suitability of this solution.
37
http://www.symantec.com/virtualization
Symantec Reference Architecture for Business Critical Virtualization
SYMANTEC VISION 2012
Questions
Symantec Reference Architecture 38
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Symantec Reference Architecture 39
David Troutt
949-836-1174
Top Related