Vblock Solution for Trusted Multi-Tenancy: Design Guide - VCE

More documents

Recommendations

Info

To illustrate, if Tenant Orange has dedicated UCS blades, it is recommended to allow only Tenant Orange-specific VLANs to ensure that only Tenant Orange has access to those blades. Figure 19 shows a dedicated service profile for Tenant Orange that uses a vNIC template as Orange. Tenant Orange VLANs are allowed to use that specific vNIC template. However, a global vNIC template can still be used for all blades, providing the ability to allow or disallow specific VLANs from updating service profile templates. Figure 19. Dedicated service profile for Tenant Orange VSAN considerati ons in UCS A named VSAN creates a connection to a specific external SAN. The VSAN isolates traffic, including broadcast traffic, to that external SAN. The traffic on one named VSAN knows that the traffic on another named VSAN exists, but it cannot read or access that traffic. The name assigned to a VSAN ID adds a layer of abstraction that allows you to globally update all servers associated with service profiles that use the named VSAN. You do not need to individually reconfigure servers to maintain communication with the external SAN. You can create more than one named VSAN with the same VSAN ID. In a cluster configuration, a named VSAN is configured to be accessible to only the FC uplinks on both fabric interconnects. © 2013 VCE Company, LLC. All Rights Reserved. 50
Figure 20 shows that VSAN 10 and VSAN 11 are configured in UCS SAN Cloud and uplinked to an FC port. Figure 20. VSAN configuration in UCS Figure 21 shows how an FC port is assigned to a VSAN ID in UCS. In this case, uplink FC Port 1 is assigned to VSAN10. Figure 21. Assigning a VSAN to FC ports © 2013 VCE Company, LLC. All Rights Reserved. 51
Page 1 and 2: Vbl oc k Sol uti on for Trus ted M
Page 3 and 4: Contents Introduction .............
Page 5 and 6: Design cons iderations for availabi
Page 7 and 8: Introduction The Vblock Solution fo
Page 9 and 10: Trusted multi-tenancy foundational
Page 11 and 12: Security and compliance Security an
Page 13 and 14: Technology overview The Vblock Syst
Page 15 and 16: Compute technologies Within the com
Page 17 and 18: EMC FA ST Cache EMC FAST Cache is a
Page 19 and 20: Cisco Data Center Netw ork Manager
Page 21 and 22: Figure 3. Trusted multi-tenancy des
Page 23 and 24: Netw ork layers Access layer Nexus
Page 25 and 26: The logical topology represents the
Page 27 and 28: Traffic flow in the data center is
Page 29 and 30: Figure 7. Management cluster and re
Page 31 and 32: Resource groups A resource group is
Page 33 and 34: vSpher e cluster specifications Eac
Page 35 and 36: Security The RSA Archer eGRC Platfo
Page 37 and 38: Design considerations for managemen
Page 39 and 40: Configuration While UIM/P automates
Page 41 and 42: Figure 13 describes the provisionin
Page 43 and 44: Design considerations for secure se
Page 45 and 46: Figure 14 shows an example of how t
Page 47 and 48: UCS organizations The Cisco UCS org
Page 49: Figure 18 is an example of a UCS Se
Page 53 and 54: A service provider may want to view
Page 55 and 56: Figure 25 shows an example of an in
Page 57 and 58: To deploy an organization or vApp n
Page 59 and 60: Figure 29 shows different quality o
Page 61 and 62: Figure 31. Organization virtual dat
Page 63 and 64: Element Role User Action Priv ilege
Page 65 and 66: VMw are vCloud Director Role-based
Page 67 and 68: VMw are vCenter Server VMware vCent
Page 69 and 70: Figure 41 shows how port channel 10
Page 71 and 72: VMware v Cloud Director cells VMwar
Page 73 and 74: Design considerations for tenant ma
Page 75 and 76: For example, in vCloud Director, th
Page 77 and 78: Key Vblock System metrics When dete
Page 79 and 80: Design scenarios of VSAN and zoning
Page 81 and 82: Figure 49 is a graphical representa
Page 83 and 84: Figure 50 shows a physical data mov
Page 85 and 86: CIFS stack component CIFS Share ABE
Page 87 and 88: Support for VLAN tagging in iSCSI V
Page 89 and 90: Design considerations for service a
Page 91 and 92: EMC FAST VP storage tiering There a
Page 93 and 94: When a provider virtual data center
Page 95 and 96: LUN masking component authorization
Page 97 and 98: Network encryption The Storage Mana
Page 99 and 100: Local and remote data protection It
Page 101 and 102:
Design considerations for service p
Page 103 and 104:
The following table lists example V
Page 105 and 106:
Use VLANs to achieve network separa
Page 107 and 108:
The traffic flow types break down i
Page 109 and 110:
The following table describes the h
Page 111 and 112:
Deployment recommenda tions Firewal
Page 113 and 114:
Cisco ACE provides a highly availab
Page 115 and 116:
The IPS deployment in the data cent
Page 117 and 118:
Cisco A CE, Cisco ACE Web Applic at
Page 119 and 120:
Figure 70. Data center access layer
Page 121 and 122:
When a network policy is defined on
Page 123 and 124:
Using a different ERSPAN-id for eac
Page 125 and 126:
A VLAN access control list (VACL) i
Page 127 and 128:
Virtual por t channel A vi rtual po
Page 129 and 130:
Design considerations for service p
Page 131 and 132:
Design considerations for secure se
Page 133 and 134:
Design considerations for security
Page 135 and 136:
RSA enV ision RSA enVision helps th
Page 137 and 138:
Conclusion The six foundational ele
Page 139 and 140:
Next steps To learn more about this
Page 141 and 142:
Acronym LACP LUN MAC NAM NAT NDMP N
Page 143:
ABOUT VCE VCE, formed by Cisco and
show all

Vblock Solution for Trusted Multi-Tenancy: Design Guide - VCE

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?