VMware, Cisco and NetApp announce Secure Multi-Tenancy architectural blueprint

From VMware, Cisco and NetApp Sources – The article below was published on Virtualization.info


Today, with a joint webcast, VMware, Cisco and NetApp announced a new partnership.

The three companies created an architectural blueprint called Secure Multi-Tenancy, and they jointly own its intellectual property (IP).

Because it doesn’t include any new product or technology, it’s available today, ready to be implemented and deployed through partners.

The announcement is nowhere near the launch of the Virtual Computing Environment coalition that VMware, Cisco and EMC used to shake the market in November 2009, but takes a similar approach in offering pre-tested and validated computing stacks.

Specifically, the fault-tolerant architecture includes VMware vSphere and vShield, Cisco Unified Computing System (UCS), the Nexus 1000V virtual switch and MDS Switches, and NetApp MultiStore with Data Motion technology.

VMware, Cisco and NetApp designed the architecture around four principles:

  • Availability allows the infrastructure to meet the expectation of compute, network, and storage to always be available even in the event of failure. Like the Secure Separation pillar, each layer has its own manner of providing a high availability configuration that works seamlessly with adjacent layers. Security and availability are best deployed from a layered approach.
  • Secure Separation ensures one tenant does not have access to another tenant’s resources, such as virtual machine (VM), network bandwidth, and storage. Each tenant must be securely separated using techniques such as access control, VLAN segmentation, and virtual storage controllers. Also, each layer has its own means of enforcing policies that help reinforce the policies of the adjacent layers.
  • Service Assurance provides isolated compute, network, and storage performance during both steady state and non-steady state. For example, the network can provide each tenant with a certain bandwidth guarantee using Quality of Service (QoS), resource pools within VMware help balance and guarantee CPU and memory resources, while FlexShare can balance resource contention across storage volumes.
  • Management is required to rapidly provision and manage resources and view resource availability. In its current form, each layer is managed by vCenter, UCS Manager, DC Network Manager, and NetApp Operations Manager, respectively.

Compared to the VMware-Cisco-EMC Vblock computing stack, this solution seems to lack a unified management console that can coordinate all the other pieces (in the VCE Vblocks that piece exists: it’s the EMC Ionix Unified Infrastructure Manager) but the description above seems to suggest that future generations will have something different.

Overall, the blueprint is really interesting and customers may welcome this new attempt to reduce their investment in the design phase. The only problem is that the customer’s security department has to trust vShield, a virtual firewall that VMware acquired from the startup Blue Lane Technology in November 2008 and that was launched in early 2007.
