The modern data center grows in complexity every year. Choices regarding hardware and software, new technologies, partnerships and third-party support often seem limitless. Nearly every vendor will tell you that they can solve your problem with this piece of hardware or this software suite. Most of them are telling the truth, but they are starting with the solution and working backwards. IT Directors are flooded with concepts and acronyms and given very little explanation of what they mean: words and ideas like “Hyperconvergence,” “Web-Scalable,” “SDN and Microsegmentation,” “Data Protection,” “3-2-1-1” and the ever-present “Cloud.”
Recently at PDS Connect, we spent ample time with organizations from every industry, every size, and every level of IT maturity. What we found is that there is no universal definition for much of this terminology, and no universally agreed description of its value.
As a follow-up to PDS Connect, we want to briefly explain a few of the concepts our team of senior architects shared in the whiteboard sessions.
1. 3 Tier vs Hyperconvergence (HCI)
Legacy datacenter architecture is called “3 Tier” because it has three distinct layers that work together to provide your compute and storage. Each layer offers many options for customization and configuration, and those options vary wildly in cost and effort. Each tier requires knowledge of that specific product and of how it integrates with the other layers.
Hyperconvergence (HCI) reduces the complexity by removing the extra tiers. Hosts are connected only to the production network and provide highly available storage services through the hypervisor software and locally attached storage. All of these services can be managed from a single pane of glass, further reducing complexity. This forms the basis of an “On-premises Cloud” that can grow quickly as more resources are needed.
2. Data Protection
As networks grow in speed and capability, the ability to migrate, move, and store data grows as well. Historically, it was not possible to move data quickly enough to do true disaster recovery with very short RTO (Recovery Time Objective) and RPO (Recovery Point Objective). Today most businesses have high-speed network connections between locations. This enables low-latency, near real-time replication between sites, allowing datacenter resources to be failed over with minimal to zero downtime and failed back seamlessly.
Today there are technologies capable of massive deduplication of data, reducing the footprint of your backups by up to ten times. It is no longer necessary to dump backups to tape and haul them to a warehouse (or keep them in your trunk), because you can replicate data easily between two deduplicating storage devices, allowing for long-term archiving as well as satisfying the 3-2-1-1 rule. 3-2-1-1 is the principle of having 3 copies of your data, on 2 types of media, with 1 copy offsite and 1 copy write-protected. This gives you the ability to recover from nearly any scenario in a timely fashion.
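The 3-2-1-1 rule stated above, turned into a check you can run against a backup inventory. This is an illustration added for this post, not PDS or vendor code; the copy names, media types and flags below are constructed examples.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str             # constructed labels, e.g. "san", "dedup-appliance", "tape"
    offsite: bool
    write_protected: bool  # immutable / retention-locked copy


def check_3_2_1_1(copies):
    """Return the unmet 3-2-1-1 requirements for a set of copies (empty list = compliant)."""
    gaps = []
    if len(copies) < 3:
        gaps.append(f"3 copies: have {len(copies)}")
    media = {c.media for c in copies}
    if len(media) < 2:
        gaps.append(f"2 media types: have {len(media)} ({', '.join(sorted(media)) or 'none'})")
    if not any(c.offsite for c in copies):
        gaps.append("1 offsite copy: none")
    if not any(c.write_protected for c in copies):
        gaps.append("1 write-protected copy: none")
    return gaps


# Constructed inventory: production data plus a local deduplicating appliance replicated
# to a second appliance offsite, with the offsite replica retention-locked so that
# an attacker with access to the network cannot alter or delete it.
REPLICATED = [
    BackupCopy("production", "san", offsite=False, write_protected=False),
    BackupCopy("local-backup", "dedup-appliance", offsite=False, write_protected=False),
    BackupCopy("dr-replica", "dedup-appliance", offsite=True, write_protected=True),
]

# Constructed inventory: two writable copies on the same disk tier in the same room.
LOCAL_ONLY = [
    BackupCopy("production", "san", offsite=False, write_protected=False),
    BackupCopy("nightly", "san", offsite=False, write_protected=False),
]

if __name__ == "__main__":
    for label, inventory in (("replicated", REPLICATED), ("local-only", LOCAL_ONLY)):
        print(label, check_3_2_1_1(inventory) or "compliant")
```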
3. Virtual Networking and Security
If there’s one thing that keeps IT personnel up at night, it’s ransomware. Malware planted on a single machine in your datacenter can expose your environment to massive data loss, and even if your backups are working perfectly, you will almost certainly lose at least some production data. Two types of traffic are common in IT environments: North/South traffic, which is routed and firewall-protected traffic between subnets or between a client and the internet, and East/West traffic, which flows between clients on the same subnet, is mostly unrouted, and never passes through an external firewall. Hardware firewalls are extremely effective at protecting North/South traffic. East/West traffic, however, goes unprotected because there is no choke point at which to place a firewall. With Software Defined Networking (SDN), you can use abstracted virtual network equipment that places custom firewall capabilities at each virtual machine’s vNIC, which lets you prevent any traffic from leaving the VM at all, or define precisely what traffic is allowed to move.
Profiles applied to each VM restrict it to only its necessary functions and protect your environment from an attacker who has already gotten inside. Having the ability to control your infrastructure this granularly is called “microsegmentation”. Most companies today use Remote Desktop Services of some kind; VDI, Citrix and RDS are all very common and give end users access to datacenter resources. Protecting these VMs from being able to damage your network is of paramount concern, and SDN can provide that protection.
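A toy model of the microsegmentation described above, written for this post as an illustration (not PDS’s or any SDN vendor’s code): each VM carries a profile, the allow-list holds only the East/West flows that profile needs, and everything else is dropped at the vNIC. The VM names, roles, rules and observed flows are all constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src_role: str
    dst_role: str
    proto: str
    port: int


# Constructed inventory (not from a real environment): VM name -> profile (role);
# the profile is what the SDN layer attaches to each VM's vNIC.
VM_ROLES = {"rds-01": "rds", "rds-02": "rds", "fs-01": "fileserver", "dc-01": "domain-controller"}

# Constructed allow-list: the only East/West flows these profiles need.
# Anything not listed is dropped at the source vNIC (default deny).
ALLOW = {
    Rule("rds", "fileserver", "tcp", 445),         # session hosts reach user shares
    Rule("rds", "domain-controller", "tcp", 88),   # Kerberos
    Rule("rds", "domain-controller", "tcp", 389),  # LDAP
    Rule("fileserver", "domain-controller", "tcp", 88),
}


def evaluate(src_vm, dst_vm, proto, port):
    """Return ("allow" | "deny", reason) for one VM-to-VM flow."""
    src_role, dst_role = VM_ROLES.get(src_vm), VM_ROLES.get(dst_vm)
    if src_role is None or dst_role is None:
        return "deny", "VM without a profile: default deny"
    if Rule(src_role, dst_role, proto, port) in ALLOW:
        return "allow", f"{src_role}->{dst_role} {proto}/{port} is a required flow"
    return "deny", f"no rule for {src_role}->{dst_role} {proto}/{port}"


def audit(flows):
    """Replay observed flows against the profiles and return those that would be dropped:
    each is either lateral movement the profile is meant to stop, or a dependency missing from the allow-list."""
    return [f for f in flows if evaluate(*f)[0] == "deny"]


# Constructed sample of observed East/West flows: (src_vm, dst_vm, proto, port).
OBSERVED_FLOWS = [
    ("rds-01", "fs-01", "tcp", 445),   # normal: session host opens a share
    ("rds-01", "dc-01", "tcp", 88),    # normal: Kerberos to the DC
    ("rds-01", "rds-02", "tcp", 445),  # SMB between two session hosts: dropped
    ("fs-01", "rds-01", "tcp", 3389),  # file server opening RDP to a session host: dropped
    ("rds-02", "dc-01", "tcp", 445),   # session host to DC over SMB: dropped
]

if __name__ == "__main__":
    for flow in audit(OBSERVED_FLOWS):
        print("DROP", flow, evaluate(*flow)[1])
```

Running the audit before turning enforcement on tells you which observed flows would break; anything in that list that is not a real dependency is exactly the traffic the profile exists to stop.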
So how do you know what’s right for your business?
This may be the biggest challenge facing IT. The volume of solutions for nearly every problem is massive, and IT personnel are rarely afforded the opportunity to specialize in any one technology, whether for lack of budget or lack of time. This is where PDS comes in. With our PDS Consultative Whiteboard Sessions, we can map the concepts above directly to your environment and help you roadmap and develop the right solution for your budget and for your sanity.