
    Network Management

    Network management is often reduced to its basic services: fault, configuration, accounting, performance, and security (FCAPS). In the virtualized IT data center, network management is more than a simple tool that facilitates FCAPS: it is an enabler to growth and innovation that provides end-to-end orchestration of all data center resources. Effective network management provides a single-pane view of the data center. This single-pane view enables visibility and mobility and enables the data center operator to monitor and change the environment across all data center tiers. Network management in the virtualized IT data center can be broken down into seven tiers (Figure 1).

    Figure 1: Seven Tier Model of Network Management

    It is the combination of these tiers that provides complete orchestration in the data center and enables operators to turn up new services quickly, and change or troubleshoot existing services using a single-pane view of the data center. The user interface is responsible for interacting with the data center operator. This is the interface from which the data center single-pane view is presented. From the user interface, an operator can view, modify, delete, or add network elements and new services. The user interface acts as a single role-based access control (RBAC) policy enforcement point, allowing an operator seamless access to all authorized devices while protecting other resources from unapproved access. The application programming interface (API) enables single-pane management by providing a common interface and language to other applications, support tools, and devices in the data center network (REST API is an example commonly used in network management). The API enables the single-pane view by abstracting all support elements and presenting them through a single network management interface – the user interface.

    The network management platform should have the capability to support specialized applications. Applications in the network management space are specifically designed to solve a specific problem in the management of the data center environment. A single application on the network management platform can be responsible for configuring and monitoring the security elements in the data center, while another application is designed to manage the physical and virtual switching components in the data center. Again, the abstraction of all of these applications into a single-pane view is essential to data center operations to ensure simplicity and a common management point in the data center.

    The next tier of data center network management is the global network view. Simply put, this is the tier where a complete view of the data center and its resources can be assembled and viewed. This layer should support topology discovery, the automatic discovery of not only devices, but how those devices are interconnected to one another. The global network view should also support path computation (the link distance between network elements as well as the set of established paths between those network elements). The resource virtualization tier of network management enables management of the various endpoints in the data center and acts as an abstraction layer that allows the operator to manage endpoints that require different protocols such as OpenFlow or Device Management Interface (DMI).

    The common data services tier of network management enables the various applications and interfaces on the network management system to share relevant information between the layers. An application that manages a set of endpoints might require network topology details in order to map and potentially push changes to those network devices. This requires that the applications within the network management system share data; this is enabled by the common data services layer.

    Managed devices in the network management role are simply the endpoints that are managed by the network management system. These devices include physical and virtual switches, routers, VMs, blade servers, and security appliances, to name a few. The managed devices and the orchestration of services between those devices are the prime purpose of the network management system. Network management should be the answer to the question, "how does a data center operator easily stand up and maintain services within the data center?" The network management system orchestrates the implementation and operation of the managed devices in the data center.

    Finally, integration adapters are required within a complete network management system. As every device in the data center might not be manageable by a single network management system, other appliances or services might be required to manage the entire data center. The integration and coordination of these various network management tools is the purpose of this layer. Some data center elements such as Virtual Machines might require VMware ESXi server to manage the VMs and hypervisor switch, while another network management appliance monitors environmental and performance conditions on the host server. A third system might be responsible for configuring and monitoring the network connections between the blade servers and the rest of the data center. Integration adapters enable each of these components to talk to one another and, in many cases, allow a single network management system to control the entire network management footprint from a single pane of glass.

    Out-of-Band Management

    The requirements for out-of-band management include:

    • Administration of the compute, network, and storage segments of the data center.
    • Separation of the control plane from the data plane so the management network remains accessible.
    • Support for 1-Gigabit Ethernet management interfaces.
    • Provide traffic separation across compute, network, and storage segments.
    • Enable administrators access to the management network.
    • Deny management-to-management traffic.

    Some of the key elements of this design are seen in Figure 2.

    Figure 2: Out of Band Management Network Design

    To provide out-of-band management in the virtualized IT data center, this solution uses two pairs of EX4300 switches configured as a Virtual Chassis (Figure 3). The key connection and configuration steps include:

    • Connect all OOB network devices to the EX4300 Virtual Chassis (100-Megabit Fast Ethernet and 1-Gigabit Ethernet).
    • Configure the EX4300 Virtual Chassis OOB management system in OSPF area 2.
    • Connect the 2 IBM 3750 standalone servers that host the management VMs (vCenter, Junos Space, Network Director 1.5, domain controller, and Junos Pulse gateway) to the EX4300 Virtual Chassis.
    • Create four VLANs to separate storage, compute, network, and management traffic from each other.
    • Manage and monitor the VMs on the test bed using VMware vSphere and Network Director 1.5.
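    A Junos configuration sketch of the steps above, added here as an illustration and not taken from the guide: the four VLANs, the OOB Virtual Chassis in OSPF area 2, and a filter that enforces the "deny management-to-management traffic" requirement, read here as "a managed device may reach the management system but not another device's management interface". VLAN IDs, subnets, interface names, and the serial-number placeholders are assumptions; the guide does not state them.

```junos
## Added example (not from the guide). VLAN IDs, subnets, interface
## names and serial numbers are assumptions; substitute site values.

## Virtual Chassis: preprovision the member EX4300s (serial placeholders;
## the remaining members of the two pairs follow the same pattern)
set virtual-chassis preprovisioned
set virtual-chassis member 0 serial-number <SERIAL-MEMBER-0>
set virtual-chassis member 0 role routing-engine
set virtual-chassis member 1 serial-number <SERIAL-MEMBER-1>
set virtual-chassis member 1 role routing-engine

## Four VLANs: management (NMS/admin), compute, network, storage
set vlans mgmt    vlan-id 10 l3-interface irb.10
set vlans compute vlan-id 20 l3-interface irb.20
set vlans network vlan-id 30 l3-interface irb.30
set vlans storage vlan-id 40 l3-interface irb.40

## One routed interface per VLAN (assumed addressing)
set interfaces irb unit 10 family inet address 10.10.10.1/24
set interfaces irb unit 20 family inet address 10.10.20.1/24
set interfaces irb unit 30 family inet address 10.10.30.1/24
set interfaces irb unit 40 family inet address 10.10.40.1/24

## Example access ports: one OOB-managed device per segment
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members compute
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members network

## OOB management system in OSPF area 2; segment IRBs are passive
set protocols ospf area 0.0.0.2 interface irb.10
set protocols ospf area 0.0.0.2 interface irb.20 passive
set protocols ospf area 0.0.0.2 interface irb.30 passive
set protocols ospf area 0.0.0.2 interface irb.40 passive

## Deny management-to-management traffic: a managed device may reach
## only the NMS/admin subnet; anything else routed off its segment
## (for example another device's management interface) is counted and dropped.
set firewall family inet filter OOB-SEGMENT term to-nms from destination-address 10.10.10.0/24
set firewall family inet filter OOB-SEGMENT term to-nms then accept
set firewall family inet filter OOB-SEGMENT term deny-mgmt-to-mgmt then count mgmt-to-mgmt
set firewall family inet filter OOB-SEGMENT term deny-mgmt-to-mgmt then discard
set interfaces irb unit 20 family inet filter input OOB-SEGMENT
set interfaces irb unit 30 family inet filter input OOB-SEGMENT
set interfaces irb unit 40 family inet filter input OOB-SEGMENT
## Same-VLAN traffic never crosses the IRB, so intra-segment isolation
## needs a family ethernet-switching filter in addition to this one.
```

    The counter on the deny term gives the operator a simple check: a non-zero mgmt-to-mgmt count in show firewall indicates a managed device attempting to reach something other than the management system.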

    Figure 3: Out of Band Management – Detail

    Network Director

    To provide network configuration and provisioning in the virtualized IT data center, this solution uses Juniper Networks Network Director. Network Director 1.5 is used to manage network configuration, provisioning, and monitoring.

    Security Director

    To provide security policy configuration in the virtualized IT data center, this solution uses Juniper Networks Security Director. Security Director is used to manage security policy configuration and provisioning.

    This design meets the network management requirements of managing both virtual and physical components within the data center and handling the FCAPS considerations.

    Published: 2015-04-20