The privilege of HCNA/HCNP/HCIE:

With any Huawei Career Certification, you have the privilege on http://learning.huawei.com/en to enjoy:

1. e-Learning Courses: Log on to http://learning.huawei.com/en and enter Huawei Training/e-Learning.
   If you have the HCNA/HCNP certificate: You can access Huawei Career Certification and Basic Technology e-Learning courses.
   If you have the HCIE certificate: You can access all the e-Learning courses which are marked for HCIE Certification Users.
   Methods to get the HCIE e-Learning privilege: Please associate HCIE certificate information with your Huawei account, and email the account to Learning@huawei.com to apply for the HCIE e-Learning privilege.

2. Training Material Download
   Content: Huawei product training material and Huawei career certification training material.
   Method: Log on to http://learning.huawei.com/en and enter Huawei Training/Classroom Training, then you can download training material on the specific training introduction page.

3. Priority to participate in Huawei Online Open Class (LVC)
   The Huawei career certification training and product training cover all ICT technical domains like R&S, UC&C, Security, Storage and so on, and are conducted by Huawei professional instructors.

4. Learning Tools:
   eNSP: Simulates a single Router&Switch device and large networks.
   WLAN Planner: Network planning tool for WLAN AP products.

In addition, Huawei has built up the Huawei Technical Forum, which allows candidates to discuss technical issues with Huawei experts, share exam experiences with others or become acquainted with Huawei products.

Statement:
This material is for personal use only, and cannot be used by any individual or organization for any commercial purposes.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential

Huawei Data Center Solution

www.huawei.com

Copyright © 2017 Huawei Technologies Co., Ltd. All rights reserved.

Foreword

• The development of cloud computing and Big Data technologies greatly improves the construction, deployment, and maintenance of DCs. This document describes the overview, development trends, and advantages of the Huawei data center solution.

Objectives

• Upon completion of this course, you will be able to:
  • Understand the data center architecture.
  • Master data center development trends.
  • Know the advantages of the Huawei data center solution.

Contents

1. Data Center Overview
2. Data Center Development Trends and Challenges
3. Huawei Data Center Solution

What Is a Data Center?

• A data center implements centralized data processing, storage, transmission, exchange, and management in physical space. Computers, servers, network devices, and storage devices are considered key data center devices. Power supply systems, air conditioning systems, cabinets, fire protection systems, monitoring systems, and other systems that affect the operating environment of key devices are key physical facilities.

• "A data center is a facility used to house computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (for example, air conditioning, fire suppression) and various security devices," as defined by Wikipedia.

Data Center Types

Enterprise Data Center
  Scale: 1000 to 5000 physical servers
  Typical applications: VDI and enterprise businesses
  Typical customers: Huawei and China Petrochemical Corporation (Sinopec Group)
  Categories: Traditional service IDCs, Cloud service IDCs

Service Data Center
  Scale: 2000 to 10,000 physical servers
  Typical applications: IaaS and VDCs
  Typical customers: Amazon and China Mobile
  Categories: Traditional service IDCs, Cloud service IDCs

Internet Data Center
  Scale: 5000 to 10,000 physical servers
  Typical applications: search services and portals
  Typical customers: Google and Baidu
  Categories: Traditional service IDCs, Cloud service IDCs

• A data center is an infrastructure that accesses and bears services. Data centers are classified into Internet Data Center (IDC), Enterprise Data Center (EDC), and Service Data Center (SDC).

Data Center Composition

• A data center, which is a service-oriented infrastructure, plays a core role in company business operation and future development. It consists of the following:
  • Security network architecture
  • Available infrastructures including equipment rooms, power generators, UPSs, and air conditioners
  • Integrated server and application platform
  • Centralized storage and backups
  • Unified system management platform
  • Customer service–based O&M management organizations and process

Typical Architecture of a Data Center

[Figure: typical data center architecture, showing the servers, the storage switching network, the storage systems, and the data network.]

Logical Architecture of a Data Center

• Core network area: The core network connects server areas, enterprise intranets, partner networks, and access networks for external users and DR centers.
• Server area: Servers and application systems are deployed in this area. To ensure security and scalability, the server area is classified into production, office, test, and DMZ service areas.
• Storage area: FC SAN and IP SAN storage devices and networks are included.
• Internet area: This area connects enterprise users and external users to the data center. Considering security and scalability, the network is classified into the intranet, partner network, and Internet based on user types. The intranet connects to networks of the headquarters and branches through the campus network and wide area network (WAN). The partner network connects to partner networks through metropolitan area dedicated lines and wide area dedicated lines. Through the Internet, external users can access the data center, and staff on business trips can access offices where the wide area network (WAN) does not cover.
• DR center network area: This area connects DR centers. The production center connects to the DR center in the same city through transmission devices, and connects to the DR center in a different place through the dedicated WAN.
• O&M management area: This area manages networks, servers, application systems, and storage. It provides the fault, configuration, performance, and security management functions.

Physical Architecture of a Data Center

[Figure: physical data center architecture. Branches, headquarters, and external organizations connect over SDH/VPN and the Internet, and DR centers over SDH/WDM, to an external access layer with IPS and firewalls; below it are the core layer, the server layer (service zone 1, service zone 2, other service zones, and the DMZ, with unified O&M management), and the storage layer (Fibre Channel and IP SAN switches, FC SAN, and tape libraries).]

Contents

1. Data Center Overview
2. Data Center Development Trends and Challenges
3. Huawei Data Center Solution

Challenges to Traditional Data Centers

[Figure: challenges of traditional DCs (sharply increased power consumption of equipment rooms because of rapid service growth, low cooling efficiency, poor scalability, and distributed monitoring management) and the corresponding development trends (development trends of device power consumption, power consumption monitoring of equipment rooms, dynamic regulation of IT resources, modular expansion, and monitoring and management).]

• The power consumption of equipment rooms in traditional DCs increases rapidly from 3-5 kW per cabinet to 10 kW+ per cabinet in proportion to the growth of 3G, cloud computing, and Internet of Things (IoT) services. Local overheating becomes the greatest threat to the safe operation of devices.
• Cabinets face the same direction, which may cause incremental heat. Air conditioners supply air through the upper cap, mixing cold air with hot air. Cabinets do not provide blind flanges for preventing air backflow. Cables are not properly arranged, preventing smooth air flow and degrading maintainability and reliability.
• Constructing an equipment room takes one to two years. The original construction plan may lag behind rapid service growth. Equipment rooms are deployed as required and expanded based on modules to maximize resource utilization.
• Traditional DCs only focus on monitoring. The new-generation DCs emphasize both monitoring and management and intelligent interworking between IT devices and equipment room infrastructures, improving management efficiency.

High Maintenance Cost

• The data center is plagued by high costs and power consumption. More and more servers and other IT devices not only require high capital expenditure (CAPEX), but also increase operating expense (OPEX). The statistical data from Accenture shows that OPEX has accounted for 72% of the total IT budget. The CAPEX of traditional DCs is presented by the iceberg model shown in the figure.

Multiple Services and Devices

[Figure: enterprise IT services and the devices that run them, from the 1970s to the 2010s. Early decades show scientific computing and production core systems on mainframe and midrange computers; later decades add finance management, scheduling management, customer management, HR management, ERP, decision analysis, big data analysis, enterprise websites, and B2B/B2C on midrange computers, x86 servers, and x86 clusters, plus office terminals (PCs, mobile phones, BYOD) multiplied by the number of persons.]

• This page describes the trend that IT becomes more and more complex and that midrange computers and x86 servers are in hybrid deployment. It is the system complexity instead of the midrange computer replacement trend that is emphasized.
• The enterprise IT development process is a process to replace manpower and human brains continuously. Similar to a human body, the enterprise IT is also a very complex system. The more tasks the enterprise IT takes, the higher its complexity is. For example, the number of IT devices increases linearly as the types of IT service applications become diversified. In addition, larger enterprise scale is another factor for the enterprise IT to become a complex system.
• For example, a large-scale enterprise Telifonia has the following:
  • More than 85 DCs
  • Over 50,000 servers
  • More than 35 programming languages
  • Over five types of operating systems (OSs) and 20 types of versions
  • More than 4000 applications
  • More than 10 types of databases
  • Over 25 types of middleware
  • More than 10 PB data volume
• Another enterprise (Huawei) has more than 150,000 employees, more than 140 national nodes, 700 offices, 1.92 billion emails each year, 120 million orders each year, and 5.69 PB total data volume. The computing amount and storage capacity of the IT system increase by 39% and 32% respectively each year.

Traffic Explosion

Accessing high-speed and large-capacity devices
➢ Services require strong processing capabilities, high access bandwidth, and flexible interaction. 10GE or 40GE access bandwidth for servers and storage, and 40GE or 100GE access bandwidth at the network side, will be the development trend of cloud computing networks in the next 10 years.
➢ High-density and high-performance access devices become future mainstreams.

Increasing east-west traffic
➢ Big Data and concurrent computing (3D rendering and searching) services require cooperation between server clusters, causing a large volume of east-west traffic.
➢ VMs need to synchronize a large amount of data in real time to support flexible deployment and dynamic migration.

Service-Driven

[Figure: world map of Huawei's data centers (EDC, RDC, and SR sites including Shenzhen, Nanjing, Beijing, Hong Kong, Tokyo, London, Russia, Bahrain, South Africa, USA, Mexico, and Brazil, within a 100 ms latency cycle) alongside subscriber growth milestones (unit: million) from 5M to 300M between 2011 and 2012.]

• Subscribers grow by 100 million in one month.
• Unified user experience across regions
• Quickly responding to service requirements

• WeChat was initially launched in 2011. It took half a year for the number of users to increase from 5 million to 50 million and less than one month to increase from 200 million to 300 million. As the services increase more and more quickly, how to quickly respond to the resource requirements of services is a huge challenge for traditional DCs. It took 200 days for the deposit amount of Yu'ebao (a Chinese Internet wealth management product) to increase from 0 to 250 billion and less than one month to increase from 250 billion to 400 billion.
• Nowadays, as the service scale increases, more and more enterprises, especially large groups, have established branches all over the country/world. How to meet the service requirements in different regions and provide optimal service experience is a huge challenge. This picture shows Huawei's data centers all over the world.
• For example:
  • EDC:
    • Primary DCs and intra-city DR centers in Dongguan
    • Remote DR centers in Nanjing
  • RDC:
    • Eight RDCs are kept within 100 ms, covering services of regions including Hong Kong, UK, Russia, Bahrain, South Africa, United States, Mexico, and Brazil.
  • SR: Three types of SRs are as follows:
    • Base SRs (SR1), which are located in Shanghai, Beijing, Chengdu, Hangzhou, Xi'an, Wuhan, Suzhou, and India
    • Law Compliance (SR2): Toronto and Australia
    • Other (SR3)

What Service DCs Need to Be Built?

[Figure: service DC requirements plotted against space and time; labels: Innovation Center, Profit Center, Support Center, free and flexible, quick service rollout, flexible scalability of services, subsequent standard architecture, management cost reduction, fault recovery time (< one day), resource utilization improvement, smooth evolution, high stability and reliability, and global services.]

• Quick service rollout: Caters to organization and service adjustments and changes.
• Flexible scalability: Rapidly matches service peak and trough status, flexibly scheduling resources.
• Free rollback: Saves the service status and data in different periods and implements rapid rollback when a fault occurs.
• Smooth evolution: Provides an architecture meeting service needs in the next 10 years, protecting existing investments.
• Unified user experience: Provides undifferentiated user experience across regions.
• Open multi-device: Supports devices from multiple vendors, preventing vendor lock-in.

• Two points are described as follows:
  • Open architecture guarantees current investments and supports third-party products.
  • VDCs are evolved from service-driven distributed DCs.

DC Development Phases

DC Evolution (over time):
• Phase 1: Decentralized Management
  • Data decentralization
  • Interconnection
  • Report synchronization
• Phase 2: Data Centralization
  • High reliability and security
  • Disaster recovery and backup
  • Unified device management
• Phase 3: Cloud Computing
  • VDC/VDI
  • Virtualization
  • Intelligent
  • Cloud

• Based on the development of network technologies, such as 100G network platforms, DCs will focus on cloud computing services and tend to virtualization, automation, and intelligentization.
• Cloud computing, which is the next-generation IDC platform, provides the following features:
  • Innovative business models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
  • Scalable computing resources: IT resources are accessible anytime and on-demand, and are easy to scale.
  • Innovative IT&CT technologies: virtualization, distributed computing, intelligentization, and automation

Cloud DC

[Figure: DC evolution timeline: exclusive and enclosed mainframe computers (1950s), isolation and centralization (1990s), virtualization (1998), public cloud (2006), and Software-Defined Networking (2014). The trend runs from exclusiveness and closeness to openness and decentralization, through open hardware, computing virtualization, virtualization integration, resource pooling, and service resources, to the distributed cloud DC with OpenStack, DCaaS, SDN, logical centralization and unified services, and serviceability.]

• Technical trend: open and flexible service data centers

Characteristics

• A cloud DC has the following advantages:
  • Improves IT device utilization.
  • Simplifies management.
  • Rapidly deploys services, flexibly promoting enterprise business development.
  • Implements energy conservation.

• Improves IT device utilization. Cloud computing uses the virtualization technology to implement the sharing of IT devices, including servers and storage and network devices, allows running multiple applications on a physical server, and increases the CPU usage of servers from 15% to 60% or above through resource sharing.
• Simplifies management. In a cloud DC, the administrator can use cloud management software to manage and schedule VMs whose specifications and server hardware are different in a unified manner. For this reason, the O&M efficiency of a cloud DC can be increased by 5 times, that is, the number of VMs/person increases from 10 to 500.
• Rapidly deploys services, flexibly promoting enterprise business development. The enterprise IT system must flexibly adapt to service changes because markets are being globalized and informationized. In a cloud DC, IT devices form a resource pool. IT resources for new services can be applied for using an electronic template over the network and approved by relevant approval departments, which completely replaces the complicated resource application processes of traditional DCs, such as application, approval, procurement, and commissioning. The duration for service rollout is shortened from three months to several days.
• Implements energy conservation. High utilization greatly reduces the number of the required DC servers. The low power consumption of servers also brings the decreased power consumption of hot load and infrastructure plug-ins. New cooling technologies such as linkage management, chilled water in-row air conditioners, natural cooling, and confined cold and hot aisles effectively reduce the energy consumption of DC cooling. Therefore, the power consumption of cloud DCs is significantly reduced. Compared with traditional DCs, cloud DCs have the Power Usage Effectiveness (PUE) reduced from 2.5-3.0 to 1.5 or below.

Development Trends

[Figure: DC development trends in four stages: Service Silos, Cloud Management, Cloud Services, and Service-Driven Cloud Services. Service Silos: service silos, manual operations, lack of provisioning platforms, lack of virtualization or manual virtualization, lack of global capacity planning. The later stages add unified capacity management, multi-tenant VDC self-service operation, multi-resource pool, multi-DC, and heterogeneous virtualization, cloud management, tenant-oriented standard services, global role and authorization management, basic automation deployment, measurement and cost accounting, self-service virtual network services, IaaS, STaaS, DRaaS, PaaS, automatic provisioning of VMs, cloud disks, and EIPs, hybrid cloud services, virtual resource pooling, complete cloud service catalogs, service orchestration and SLA management, SDN interconnection, standard cloud services, security compliance, cloud-based key services, industry clouds (power clouds, financial clouds, policing clouds, e-Government clouds, and telecom clouds), forming the cloud service industry chain and developing DC2-based ISV applications, intelligent cloud service O&M management, cloud service cost and version management, and advanced security mechanisms.]

Contents

1. Data Center Overview
2. DC Development Trends and Challenges
3. Huawei Data Center Solution
   • Cloud DCs
   • Distributed Cloud DCs

Huawei Data Center Solution Architecture

[Figure: solution architecture. Customers: Internet companies, governments and large-sized enterprises, and small- and medium-sized enterprises. Management: ManageOne. Services: consultation, planning, design, delivery, and business continuity on one side; Traditional Services (host leasing, public IP addresses, bandwidth leasing, rack leasing), Value-added Services (security, service acceleration, load balancing), and Cloud Computing Services (cloud host, cloud disks, ELB, cloud monitoring, VPC, storage, object storage, SSL VPN, IPSec VPN) on a virtualization platform; below, the IT architecture (servers, storage, networks, and security) and the infrastructure (modular equipment rooms, power distribution systems, and cooling systems).]

Physical Architecture of Cloud DCs

[Figure: main DC and backup DC connected through IP/MPLS egress routers (NE40E/20E) and DC interconnections over OTN/SDH optical transmission (OSN), managed by ManageOne/eSight. Each DC has a core zone (CE12800 core switches) with a network value-added service zone (USG 9500), an aggregation and access network zone (POD) with Agg/ToR switches (CE12800/6800/5800), and a computing capability + storage capability zone with blade servers, rack servers, IP SAN, and FC SAN.]

Logical Architecture of Cloud DCs

[Figure: layered logical architecture. Management layer: ServiceCenter (self-service networks, user management, service catalogs, service requests, process approval, service automation), OperationCenter (alarm management, performance management, health analysis, topology management, capacity management, risk analysis), and Replication Director (DR strategies, visualized DR, DR drills, DR switchover), with an open API and eSight or a third-party monitoring system supplying alarms, performance, capacity, and topologies. Service layer: VDC-1 and VDC-2, each made up of security zones containing vRouters, vFWs, and VMs across DC A and DC B. Virtualization layer: network, computing, and storage resource pools per DC. Infrastructure layer: physical DCs A, B, and C grouped into AZs.]

• This slide focuses on the logical architecture of a cloud DC:
  • Multiple resource pools including computing, storage, and network resource pools are built in each physical DC.
  • Multiple VDCs are built in a resource pool. Each VDC includes multiple security zones, each of which contains vRouters, vFWs, and VLBs for resource access control.
  • ServiceCenter uses open APIs to create resources in VDCs. OperationCenter processes the maintenance information of VDCs. DR management manages the DR capabilities of VDCs.

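The zoning described above (production, office, test, and DMZ server areas reached from intranet, partner, and Internet user networks, with a separate O&M management area, and vFWs enforcing access control at each security zone boundary) can be checked mechanically. The following is an added example, not Huawei code or a ManageOne feature: the zone names come from the page, while the Rule and Flow types, the sample rule set, and the two audit checks are assumptions made for illustration.

```python
"""Zone-based access control model for the DC logical architecture above.

Added example (not Huawei code): zone names follow the page; the Rule and
Flow types, the sample rules, and the audit checks are assumptions.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Zones named in the logical architecture; anything else is rejected.
ZONES = {"intranet", "partner", "internet", "dmz", "production",
         "office", "test", "storage", "oam"}

# User networks that enter through the Internet area; they must land in the DMZ.
EXTERNAL = {"internet", "partner"}


@dataclass(frozen=True)
class Rule:
    src: str      # source zone
    dst: str      # destination zone
    port: int     # TCP destination port, 0 means any port
    action: str   # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def evaluate(rules: Iterable[Rule], flow: Flow) -> str:
    """Return the vFW verdict for a flow: the first matching rule wins, and an
    unmatched flow is denied (default deny at every security zone boundary)."""
    for rule in rules:
        if (rule.src == flow.src and rule.dst == flow.dst
                and rule.port in (0, flow.port)):
            return rule.action
    return "deny"


def audit(rules: List[Rule]) -> List[str]:
    """Flag allow rules that contradict the zoning model: external users may
    reach only the DMZ, only the intranet may reach the O&M area, and no
    any-port rule may originate from an external zone or the DMZ."""
    findings = []
    for rule in rules:
        if rule.src not in ZONES or rule.dst not in ZONES:
            findings.append(f"unknown zone in {rule}")
            continue
        if rule.action != "allow":
            continue
        if rule.src in EXTERNAL and rule.dst != "dmz":
            findings.append(f"{rule.src} must not reach {rule.dst} directly")
        if rule.dst == "oam" and rule.src != "intranet":
            findings.append(f"O&M area exposed to {rule.src}")
        if rule.port == 0 and rule.src in EXTERNAL | {"dmz"}:
            findings.append(f"any-port rule from {rule.src} to {rule.dst}")
    return findings


# Constructed sample rule set: four sound rules and two that break the model.
SAMPLE_RULES = [
    Rule("internet", "dmz", 443, "allow"),         # public web front end
    Rule("dmz", "production", 8443, "allow"),      # front end to app tier
    Rule("intranet", "oam", 22, "allow"),          # admins manage from HQ
    Rule("office", "test", 0, "allow"),            # internal test access
    Rule("partner", "production", 1521, "allow"),  # bypasses the DMZ
    Rule("dmz", "oam", 22, "allow"),               # DMZ host reaches O&M
]


if __name__ == "__main__":
    checks = (Flow("internet", "dmz", 443), Flow("internet", "production", 443),
              Flow("dmz", "production", 22), Flow("partner", "production", 1521))
    for flow in checks:
        verdict = evaluate(SAMPLE_RULES, flow)
        print(f"{flow.src:>9} -> {flow.dst:<10} :{flow.port:<5} {verdict}")
    for finding in audit(SAMPLE_RULES):
        print("audit:", finding)
```

The audit reports the partner-to-production and DMZ-to-O&M rules, which evaluate() would otherwise happily allow.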
Customer Group Analysis

Internet companies
• Provides self-built IT systems and rents bandwidth and equipment rooms.
• Has high network bandwidth requirements.
• Requires cabinets of middle and high power density, that is, 5-10 kW.
➢ Large customer groups and high infrastructure requirements
➢ Various requirements about power density and security grade

Small- and medium-sized enterprises
• Uses carriers' IDCs to build or improve the IT service system.
• Has simple IT requirements and requires low and middle power density.
➢ Sensitive to the initial IT system investment
➢ Failure to build a complete IT system

Governments and large-sized enterprises
• Rents IDC bandwidth and equipment rooms to build the IT service system.
• Purchases the IDC hosting service for the IT service system or IT resources, or outsources them to the IDC.
➢ Personalized application requirements and self-built IT system ready
➢ High data security requirements

Internet Users

• Value-added services: on-demand allocation, dynamic deployment, SDN-based service innovation, and virtualization-based value-added security services
  • Agile networks, off-the-shelf services, and on-demand resource allocation
  • Virtual service innovation based on SDN + VXLAN
  • vFW-based value-added security services
• Scalable equipment rooms: Expands equipment rooms and uses modular IDCs to meet users' service requirements.
  • Modular equipment room layout
  • Small-scale standard components, on-demand expansion, and phased investments

• Add elastic and value-added services of equipment rooms to attract users, increase equipment rooms of elastic modular design to meet service requirements, and expand new value-added services.

Small- and Medium-Sized Enterprises

• Cloud computing provides elastic, on-demand rented IT resources for small- and medium-sized enterprises.

[Figure: cloud computing IDC workflow over network, storage, and computing resource pools built on physical devices.]
1. The cloud computing platform virtualizes physical resources in a resource pool.
2. The user logs in to the portal over an Internet web page.
3. The authentication system verifies the user ID (including registration and authentication).
4. The user applies for and uses resources on virtual servers.
5. The platform generates the charging information and charges users for services.

• Market characteristics:
  • Uncertain IT device requirements: The service volume is unpredictable, and IT resource requirements are unclear.
  • Unexpected IT resource requirements: The service volume increases in a specified period and decreases quickly, displaying a phase-based trend in IT resource demand.
  • Low cost: The investment budget is insufficient and depends on service growth and scale.
• Customer-centric:
  • Pioneering enterprises: Unable to predict how many IT devices are required to meet their unpredictable service volume, and invest less.
  • SMEs: Rent elastic IT resources to construct their own IT environment and service platforms.
• Solution highlights:
  • Elastic configuration and on-demand lease: Virtual computing resources, storage resources, and network resources are leased over the Ethernet.
  • Self-service and rapid deployment: You can apply for, schedule, charge, and query resources without the help of others.
  • Low costs and good user experience: The TCO of elastic computing is lower than that of the traditional service mode, and the self-service function quickens service response.

Governments and Large-Sized Enterprises
 Cloud computing provides governments and large-sized enterprises with end-to-end hosting solutions.

[Figure: industries served (Government, Transportation, Healthcare, Manufacturing) above the Device and IP layers; Virtual IDC hosting (VDC); professional services (early-stage consultancy, after-sale support) and managed services (security monitoring); virtual computing, storage, and network resource pools.]

 Construction ideas:
   In the initial phase, take current customers as objects to explore the commercial mode of combining IDC clouds with government and enterprise businesses.
   Later, use VDCs to bear government and enterprise businesses and VDIs to support government and enterprise offices, building the unified IDC cloud platform.
 Key points:
   During the initial survey, learn which industries require migrating services to the cloud platform.
   Verify the technical feasibility.
   Identify the cooperation mode.
 Benefits:
   Fully match national strategies for energy conservation and emission reduction.
   Lower investments and risks.
   Establish the ecological cooperation relationship with governments and enterprises in the IT industry.
Features of SD-DC2

[Figure: SD-DC2 feature map. Network DCI: IP + optical architecture, 3DC switching, multi-DC interconnection. Value-added service zone: loosely coupled communication zone, value-added service deployment and pooling, DC security, load balancing. Core: high-performance aggregation and access switches, large Layer 2 network, EOR/MOR/TOR, FCoE&DCB, virtual network awareness. Computing + Storage POD: virtualization, flexible expansion, server virtualization, active-active servers, cloud architecture. Summary pillars: Openness, Loose coupling, High performance, Virtualization, Overall solution.]

Openness
 Evolving SDN: intelligent, automatic, real-time.

[Figure: network controller above the forwarding layer.]

 Separates the control plane from the forwarding plane and provides network APIs.
 Mainstream standards: IP-related protocols, TRILL, Shortest Path Bridging (SPB), Data Center Bridging, 802.1Qbg.
 Mainstream vendors: openness and collaboration.
 Follows mainstream standards and protects users' investments.
 Supports mainstream DC device vendors.

Loose Coupling

[Figure: drivers of loose coupling (CPU performance improvement by the multi-core technology; x86 becoming the mainstream architecture; IT resource pooling; complicated system) leading to independent service modules around the core switch: traffic management, analysis, firewall, application acceleration, intrusion detection, load balancing.]

 Service modules run independently, preventing network breakdown due to a single point of failure.
 The loosely coupled architecture separates modules from each other, quickly improving their performance.
 Each module can be independently upgraded because the inter-module coupling is low.

Virtualization
 Unique virtualization combination for resource pooling; powerful high-speed VM migration capability.

[Figure: Virtual System (VS) and Cluster Switch System (CSS) on CE12800 core switches; nCenter (network strategy management) with an open API for automated network deployment; TRILL bridging; campus, offices, production area, and DMZ zones; CE6800/5800 access switches with Intelligent Stack (iStack); vCenter (VM management) driving VM migration; RADIUS.]

 Network resource virtualization (the unique solution in the industry that combines CSS with VS to manage switches more flexibly):
   In the VS scenario, virtualizes one device into eight virtual switches.
   In the CSS scenario, supports a maximum of four chassis in a cluster.
 TRILL:
   Provides the industry-leading Layer 2 network that contains 512 nodes.
   Follows the standard IETF protocol.
 nCenter:
   Supports the access rate of 1000 VMs/s, which is 10-20 times higher than the industry one.
   Provides open APIs to be compatible with mainstream VM management platforms.

High Performance
Industry-leading hardware platform to build an elastic cloud network that can be smoothly upgraded
CloudEngine 12800 Series (CE12812, CE12808, CE12804), VRP inside

                       CloudEngine 12800   Industry level
Line card capability   1Tbps (x2)          480Gbps
  24 x 40GE or 96 x 10GE line cards, line speed throughout
Switching capacity     48Tbps (x3)         18Tbps
  Multi-level switching matrix supports large-capacity switching and future expansion.
Slot bandwidth         2Tbps (x4)          500Gbps
  The orthogonal architecture provides a high-speed channel, which can be smoothly upgraded to 4Tbps.

 Highly integrated chips to build an energy-saving and low-latency network
 Distributed, large-scale, and dynamic cache to construct a high-quality network

Contents
1. Data Center Overview
2. Data Center Development Trends and Challenges
3. Huawei Data Center Solution
    Cloud DCs
    SD-DC2

Introduction
 In terms of technology, SD-DC2 is reflected by the Software-Defined Data Center (SDDC). SDDC, which is a key technology of DCs, takes ITaaS (features: self-service, automation, open, and efficient) as its service development trend.

[Figure: Cloud Management Platform (efficient, automation, open) over the Cloud OS and the backbone (IP + optical); Software-Defined Data Center: SDDC = SDC + SDN + SDS.]

 IT as a Service (ITaaS)
   ITaaS = IaaS + NaaS + PaaS + BKaaS + DRaaS + SaaS
 The vision of DC2 is to implement ITaaS based on the software-defined data center (SDDC).
   Where: SDDC = SDC + SDN + SDS, that is, SDDC consists of SDC, SDN, and SDS.
   ITaaS = IaaS + NaaS + PaaS + BKaaS + DRaaS + DCaaS + SECaaS, that is, ITaaS consists of IaaS, NaaS, PaaS, BKaaS, DRaaS, DCaaS, and SECaaS.
 ITaaS features self-service, automation, SLA assurance, full-service life cycle management, elastic scalability, and measurability.
 Users can use ITaaS to order all IT services on the service catalog and automation engines to implement the quick and automatic delivery of services.
 For details about management, service, and security features of ITaaS, see corresponding reference materials.
Architecture

[Figure: IaaS, NaaS, SECaaS, MaaS, and PaaS delivered by ManageOne (Replication Director, ServiceCenter, OperationCenter) for resource scheduling and service automation over heterogeneous virtualization. Each DC (Shanghai, Guangzhou, Beijing) runs SDN and hosts VDCs whose resource pools are labelled Physical, Gold, Silver, or Copper: midrange computer resource pools, x86 server resource pools, x86 virtual resource pools, high-performance virtual and general virtual resource pools, appliance resource pools, and high-performance and general storage pools.]

 This figure shows an SD-DC2 instance. The key features in the figure are as follows:
   The unified management platform ManageOne centrally manages multiple DCs.
   Multiple resource pools are constructed in each DC. Each DC can be a heterogeneous virtualization platform such as vSphere, KVM, or Xen.
   Resource pools can be classified into computing resource pools and storage resource pools. They are marked with different labels based on their SLA capabilities. The resource scheduling platform selects resources according to user requirements.
   ManageOne consists of ServiceCenter, OperationCenter, and Replication Director, which schedule multiple cloud DCs in a unified manner, implementing the SD-DC2 service capabilities.
 The core is that the unified management platform implements unified scheduling, management, and service automation on multiple distributed DCs.
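The SLA-label scheduling described in the notes above, as an added example (it is not code from the SD-DC2 solution or ManageOne): pools carry a Gold/Silver/Copper label, a request names the tier it needs, and the scheduler picks a pool that satisfies the tier and has capacity, after checking the VDC's approved quota. The DC names, pool names, capacities, quota figures, and the tie-break order (preferred DC first, then the lowest qualifying tier, then the most free capacity) are all assumptions made for the illustration.

```python
"""SLA-label-based scheduling across resource pools in several DCs, with a
VDC quota check before provisioning. Added illustration; pool names,
capacities, and quota numbers are constructed, not taken from SD-DC2."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Tiers are ranked so that a higher tier can satisfy a lower requirement.
SLA_RANK = {"copper": 1, "silver": 2, "gold": 3}


@dataclass
class ResourcePool:
    dc: str
    name: str
    kind: str          # "compute" or "storage"
    sla: str           # label assigned to the pool from its SLA capability
    free_vcpu: int = 0
    free_gb: int = 0

    def free(self) -> int:
        return self.free_vcpu if self.kind == "compute" else self.free_gb


@dataclass
class VdcQuota:
    vcpu: int
    storage_gb: int
    used_vcpu: int = 0
    used_gb: int = 0


@dataclass
class Request:
    vdc: str
    kind: str
    sla: str
    vcpu: int = 0
    storage_gb: int = 0
    preferred_dc: Optional[str] = None

    def amount(self) -> int:
        return self.vcpu if self.kind == "compute" else self.storage_gb


def select_pool(pools: List[ResourcePool], req: Request) -> Optional[ResourcePool]:
    """Pick the pool for a request, or None when nothing qualifies.

    A pool qualifies when it has the right kind, an SLA tier at least as high
    as requested, and enough free capacity. Among qualifying pools prefer the
    requested DC, then the lowest qualifying tier (so gold capacity is not
    spent on copper workloads), then the most free capacity.
    """
    need = SLA_RANK[req.sla]
    candidates = [p for p in pools
                  if p.kind == req.kind and SLA_RANK[p.sla] >= need
                  and p.free() >= req.amount()]
    if not candidates:
        return None
    candidates.sort(key=lambda p: (p.dc != req.preferred_dc, SLA_RANK[p.sla], -p.free()))
    return candidates[0]


def provision(pools: List[ResourcePool], quotas: Dict[str, VdcQuota],
              req: Request) -> Tuple[Optional[ResourcePool], str]:
    """Enforce the VDC's approved capacity, then reserve from the chosen pool."""
    quota = quotas.get(req.vdc)
    if quota is None:
        return None, "unknown VDC"
    if (quota.used_vcpu + req.vcpu > quota.vcpu
            or quota.used_gb + req.storage_gb > quota.storage_gb):
        return None, "VDC quota exceeded"
    pool = select_pool(pools, req)
    if pool is None:
        return None, "no pool meets the SLA and capacity requirement"
    pool.free_vcpu -= req.vcpu
    pool.free_gb -= req.storage_gb
    quota.used_vcpu += req.vcpu
    quota.used_gb += req.storage_gb
    return pool, "ok"


def sample_pools() -> List[ResourcePool]:
    """Constructed inventory: three DCs with mixed tiers (not real data)."""
    return [
        ResourcePool("Shanghai", "x86-virt-gold", "compute", "gold", free_vcpu=32),
        ResourcePool("Shanghai", "x86-virt-silver", "compute", "silver", free_vcpu=4),
        ResourcePool("Beijing", "x86-virt-silver", "compute", "silver", free_vcpu=64),
        ResourcePool("Guangzhou", "general-storage", "storage", "copper", free_gb=2000),
        ResourcePool("Shanghai", "hp-storage", "storage", "gold", free_gb=800),
    ]


if __name__ == "__main__":
    pools = sample_pools()
    quotas = {"vdc-erp": VdcQuota(vcpu=16, storage_gb=500)}
    for req in (Request("vdc-erp", "compute", "silver", vcpu=8, preferred_dc="Shanghai"),
                Request("vdc-erp", "storage", "copper", storage_gb=100),
                Request("vdc-erp", "compute", "silver", vcpu=12)):
        pool, status = provision(pools, quotas, req)
        print(req.kind, req.sla, "->", f"{pool.dc}/{pool.name}" if pool else "-", status)
```

In the constructed run the silver compute request lands on the Shanghai gold pool, because the Shanghai silver pool is too small and the preferred DC outranks the tier in the tie-break; the third request is refused by the VDC quota before any pool is consulted, which is the order the notes describe (capacity approved per VDC, then resources selected by requirement).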


Service Process

[Figure: ServiceCenter (service definition, service catalog, service order approval, service requests, service metering) used by the user and the administrator; ManageOne (process management, service management, resource scheduling, rapid and automatic service deployment, cross-DC resource sharing and scheduling, openness and scalability) over the Cloud OS FusionSphere (control policies; computing, network, and storage automation; SDN-Controller). Infrastructure across DC 1 and DC 2: computing, DC network, storage; VDC 1 and VDC 2 span both DCs. Listed capabilities: high resource utilization and reuse; business continuity, HA, migration; multi-tenant isolation, SDN network; 1:N and N:1 network virtualization; high performance, compatibility, scalability.]

Feature 1: VDC

[Figure: Business Group 1/2/3 VDCs (Exchange and OA; e-commerce and CRM; ERP) mapped to gold-, silver-, and copper-level resources drawn from DC1, DC2, and branches: physical resource pools, Huawei virtual resource pools, VMware virtual resource pools, Hyper-V virtual resource pools, and KVM virtual resource pools.]

 VDC
   A VDC is a logical data center constructed after the pooling of physical resources. It is a self-service O&M and efficient service platform.
 Key capabilities and features:
   VDC resources: cloud, non-cloud, heterogeneous cloud, and cross-region resources
   Independent VDC resource management: SLA assurance
   Minute-level building of VDCs
   VDC self-service O&M
   VDC self-service operation: self-service provisioning, measurable
   Services throughout the App life cycle
 DC (Data Center): the physical place with the entire physical infrastructure (HW, storage, network elements, racks, power, cooling) and its management systems.
 VDC (Virtual Data Center): the "service of data center" that can be used. The telco/service platforms are deployed on the VDCs. A VDC is an isolated entity and shall have its own management system, its own IP address management, and its own communications.
 The Data Center as a Service (DCaaS) capability is provided using VDCs. VDCs provide self-service O&M and self-service operation capabilities, have the convenience of self-developed DCs, and have minute-level construction and capacity expansion capabilities.
Feature 2: Proactive Intelligent Management

[Figure: abnormal fluctuation, SLA, and capacity management and forecasting across the DCs in Shanghai, Beijing, Tianjin, Guangzhou, and Hangzhou.]

 Proactive intelligent management
   Provides simple, efficient, and guaranteed SLA infrastructures for massive objects in multiple DCs or resource pools by proactive intelligent O&M.
 Key capabilities
   Proactive O&M of massive objects: health/risk analysis
   Multi-DC resource pooling and policy-based scheduling
   Unified access and control
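The two analyses named on the slide, abnormal fluctuation detection and capacity forecasting, worked through on constructed utilization samples as an added example (not code from the SD-DC2 solution or OperationCenter). It assumes daily CPU utilization samples of one resource pool; the growth rate, the spike, and the 80 % threshold are invented for the illustration. The residual test uses the median and median absolute deviation rather than mean and standard deviation because a single spike in a short series inflates the standard deviation enough to hide itself.

```python
"""Proactive O&M on utilization samples: flag abnormal fluctuation with a
robust (median/MAD) residual test, then forecast when a pool crosses its
capacity threshold using a trend fitted to the remaining samples. Added
illustration with constructed sample data."""
import math
from statistics import mean, median
from typing import List, Optional, Tuple

Sample = Tuple[int, float]   # (day index, utilization in percent)

# Constructed daily CPU utilization of one resource pool (not measured data):
# a steady 2 %/day growth, and the same series with a one-day spike on day 6.
CLEAN = [(d, 40.0 + 2.0 * d) for d in range(10)]
SPIKY = [(d, 80.0 if d == 6 else 40.0 + 2.0 * d) for d in range(10)]


def fit_trend(samples: List[Sample]) -> Tuple[float, float]:
    """Least-squares line: utilization = slope * day + intercept."""
    xs = [x for x, _ in samples]
    ys = [y for _, y in samples]
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in samples)
    slope = sxy / sxx
    return slope, my - slope * mx


def abnormal_days(samples: List[Sample], k: float = 3.5) -> List[int]:
    """Days whose residual from the trend is an outlier.

    1.4826 scales the MAD to a standard deviation for normally distributed
    residuals; k = 3.5 is a common cut-off for this robust z-score.
    """
    slope, intercept = fit_trend(samples)
    residuals = [y - (slope * x + intercept) for x, y in samples]
    med = median(residuals)
    mad = median(abs(r - med) for r in residuals)
    if mad < 1e-9:          # all points sit on the trend line
        return []
    return [x for (x, _), r in zip(samples, residuals) if abs(r - med) > k * 1.4826 * mad]


def days_to_threshold(samples: List[Sample], threshold: float = 80.0) -> Optional[int]:
    """Days after the last sample until the trend reaches the threshold.

    Abnormal days are excluded first so one spike does not distort the
    forecast. Returns None when utilization is flat or falling, and 0 when
    the threshold is already reached.
    """
    bad = set(abnormal_days(samples))
    kept = [s for s in samples if s[0] not in bad]
    slope, intercept = fit_trend(kept)
    if slope <= 0:
        return None
    last_day = samples[-1][0]
    days = (threshold - intercept) / slope - last_day
    return max(0, math.ceil(round(days, 6)))


if __name__ == "__main__":
    print("abnormal days:", abnormal_days(SPIKY))
    print("days until 80 % (clean):", days_to_threshold(CLEAN))
    print("days until 80 % (spiky):", days_to_threshold(SPIKY))
```

With the constructed series, day 6 is the only flagged day and both series forecast the same 11 days to the threshold, since the spike is dropped before the trend is fitted; without that step the spike alone would pull the forecast several days earlier.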

Feature 3: SDN

[Figure: WAN with PE routers and a DCI SDN-Controller; in each of DC1 and DC2, a DC SDN-Controller drives the VXLAN gateway, firewall, load balancer (LB), TOR switches, virtual switches, and servers.]

 As the core node of the DC network, the SDN controller connects upward to OpenStack to receive and process its provisioned network services, such as routers, firewalls, load balancers, and networks, and interconnects downward with the network resource layer, including switches, load balancers, firewalls, and virtual switches, to forward these services.

Thank You
www.huawei.com


Service Driven Distributed Cloud Data Center Solution
www.huawei.com

Foreword
 To address challenges for data centers (DCs) and conform to technology development trends, Huawei launches the Service Driven Distributed Cloud Data Center (SD-DC2) Solution. The SD-DC2 solution provides an automatic management and virtualization platform to support fine-grained IT operation by using a converged architecture (with computing, storage, and network resources) as the fundamental unit of resource pools and constructing a software-defined networking (SDN) service perception network.

Objectives
 Upon completion of this course, you will be able to:
   Describe the architecture of the SD-DC2 solution.
   Know features of virtual DCs.
   Master OpenStack applications in DCs.
   Understand typical deployment cases.

Contents
1. Overview of the SD-DC2 Solution
2. Unified Management of DCs
3. Security Management of DCs
4. Typical Deployment of DCs

Overview of the SD-DC2 Solution
 The SD-DC2 solution does not aim at improving the efficiency and user experience of a single DC. Instead, it regards multiple DCs as an integrated one. Based on cross-DC management, resource scheduling, and disaster recovery (DR) design, the SD-DC2 solution provides a cloud platform that migrates cloud resources across DCs, an O&M management system that centrally manages and schedules resources of multiple DCs, a large Layer 2 ultra-high bandwidth network, and software-defined DCs. The SD-DC2 has a revolutionary DC architecture, which brings unprecedented benefits and user experience to customers. It provides the following benefits:
   Reduced total cost of operation (TCO) and increased return on investment (ROI)
   Enhanced service agility, quick service rollout, and improved user satisfaction
   Fewer requirements for IT system management and maintenance resources
 The SD-DC2 provides the following key capabilities:
   Provides DC as a Service (DCaaS) for tenants in the form of virtual data centers (VDCs).
   Provides cloud infrastructure that is optimized for various application scenarios.
   Supports unified and flexible management of cloud DCs.


h
adopts virtualization technologies to ensure that software is independent of hardware and
:
s
enable the infrastructure with low usage to provide elastic, automated, and secure

r ce
computing resource pools. Resources can be allocated to applications on demand. The SD-

ou
DC2 solution helps enterprises reduce operating expenditure (OPEX) costs by resource

s
consolidation and automation. The adopted distribution technology logically unifies resources
e
R
of multiple DCs, improving resource usage and reducing infrastructure investments.

n g
Enhanced service agility, quick service rollout, and improved user satisfaction: The SD-DC2

ni

r
solution allocates resources on demand using virtualization technology and supports all-

a
round management and service automation. Self-service capabilities allow users to apply for
e
e L
computing, storage, and network resources on a per use basis.

or
 Fewer requirements for IT system management and maintenance resources: The SD-DC2

M
solution supports self-service capabilities. Users can apply for services by themselves, which
minimizes dependency on the IT department. Automated workflows can be created based on
standard processes, such as event management, problem management, change management,
and release management.
 Using VDCs to provide DCaaS for tenants: As a Software-Defined Data Center (SDDC), a VDC
provisions tenants with DCaaS. Resources of a VDC originate from different resource pools of
physical DCs and are categorized into computing, storage, network, and bare metal physical
server resources. The resource capacity of a VDC is specified during creation by the VDC
administrator applying for the resource or by the system administrator. After the capacity is
approved, the resource is provisioned for VDC users.

 Cloud infrastructure optimized for various application scenarios: Application scenarios have
varying requirements on the infrastructure of cloud DCs. For different scenarios, this solution
n
provides different infrastructure to meet upper-layer applications' varying needs and
/e
improve the efficiency and delivery capability of infrastructure.
o m

e i.c
Unified and flexible cloud DC management capabilities: Resources of a distributed cloud DC

w
come from multiple physical DCs and are varied in their types. Consequently, the cloud DC

ua
management is complicated. Therefore, SD-DC2 provides unified management.

. h
i n g
r n
l e a
: //
h ttp
s :
r ce
s ou
Re
n g
r ni
e a
e L
or
M
Solution Architecture
 Infrastructure layer: provides capabilities of constructing physical and virtual computing, storage, and network resource pools. The SD-DC2 solution offers multiple types of infrastructure.
 Resource pool: manages virtual computing, storage, and network resources. The SD-DC2 solution provides the capability of managing converged resource pools, heterogeneous virtualization platforms such as VMware and FusionSphere, and physical resource pools.
 Service layer: supports OpenStack and FusionSphere management, image management, service management, resource scheduling, and SDN management capabilities including VPC network service capabilities.
 Management layer: provides unified management and resource scheduling for multiple cloud DCs and provides DCaaS based on VDCs. A VDC provides multiple types of cloud services. This layer also supports unified O&M of virtual and physical resources.

Solution Deployment

[Figure: ManageOne (Keystone, ServiceCenter, OperationCenter) managing two DCs. DC 1: FusionSphere OpenStack (Nova, Cinder, Glance, Neutron, Swift, Ceilometer) and eSight over a UVP virtualization layer. DC 2: FusionSphere OpenStack (Nova, Cinder, Glance, Neutron, Swift, Ceilometer) and eSight over UVP and ESXi, with FusionCompute.]


h
support capabilities of OpenStack for heterogeneous virtual resources, the SD-DC2 solution
:
s
provides unified management and scheduling of multiple virtualization platforms, and

r ce
implements converged resource pool capabilities. Based on OpenStack, a unified O&M

ou
management platform across multiple DCs is constructed, achieving the objectives of the SD-
DC2.
es

R
ManageOne provides ServiceCenter and OperationCenter.

n g
ni
 ServiceCenter: implements unified service orchestration and automatic management

a r
based on cloud and non-cloud resources provided by resource pools, including

L e customizable heterogeneous and multi-resource-pool policies and orchestration,

e
customizable enterprise service integration, resource pool management capabilities

or
supplemented by third-party components, and especially automatic provisioning

M
capabilities for heterogeneous traditional resources.

 OperationCenter: implements maintenance based on scenarios and visualized status,


risk, and efficiency analysis for DC services, and proactively analyzes problems and
works with ServiceCenter.

 FusionCompute virtualizes and pools computing, storage, and network resources.


 eBackup backs up VMs in SD-DC2.

 FusionSphere OpenStack is an open-source cloud management system. It consists of multiple


components, which are decoupled using Representational State Transfer (REST) interfaces
and message queues. FusionSphere OpenStack can manage heterogeneous virtualization
platforms, such as VMware and UVP. OpenStack consists of the following components:

 Nova: virtual computing

 Glance: image
n
Cinder: virtual disk /e
m

o
i.c
 Neutron: virtual network

 Swift: object storage

w e
ua
 Keystone: authentication

 Ceilometer: monitoring
. h
i n g
r n
l e a
: //
h ttp
s :
r ce
s ou
Re
n g
r ni
e a
e L
or
M
Contents
1. Overview of the SD-DC2 Solution
2. Unified Management of DCs
3. Security Management of DCs
4. Typical Deployment of DCs

Deployment Architecture: Unified Management of Cloud and Non-Cloud Resources
 Unified management of physical and virtual resources:

[Figure: ServiceCenter (resource provisioning) and OperationCenter (alarms, performance, and topologies) over OpenStack and eSight/third-party managers, covering VMs, physical firewalls, physical routers, and physical servers.]

 Unified management of cloud and non-cloud resources is supported:
   Non-cloud resource management: manages performance, alarms, and topologies of physical resources.
   Cloud resource management: manages automated deployment and operation, performance, topologies, and capacity of cloud resources, and the mapping relationships between cloud and non-cloud resources.
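What the mapping relationships between cloud and non-cloud resources are used for in operations, as an added example (not code from OperationCenter or eSight): an alarm raised on a physical device is walked down the dependency graph to the servers that hang off it, and from there to the VMs and tenants that the cloud inventory places on those servers. The device names, the topology, the VM placement, and the alarm record are constructed for the illustration.

```python
"""Correlate a non-cloud (physical) alarm with the cloud resources that depend
on it, using the cloud/non-cloud mapping that unified management keeps.
Added illustration; the inventory and the alarm record are constructed."""
from collections import deque
from typing import Dict, List, Set, Tuple

# Constructed physical topology: each device -> the devices it relies on.
UPSTREAM: Dict[str, List[str]] = {
    "server-01": ["tor-a"],
    "server-02": ["tor-a"],
    "server-03": ["tor-b"],
    "tor-a": ["fw-edge"],
    "tor-b": ["fw-edge"],
    "fw-edge": [],
}

# Constructed cloud inventory: VM -> (physical server it runs on, tenant).
VM_PLACEMENT: Dict[str, Tuple[str, str]] = {
    "vm-web-1": ("server-01", "tenant-a"),
    "vm-web-2": ("server-02", "tenant-a"),
    "vm-db-1": ("server-02", "tenant-b"),
    "vm-app-1": ("server-03", "tenant-c"),
}


def dependents(device: str) -> Set[str]:
    """Every physical device that (transitively) relies on `device`, itself included."""
    reverse: Dict[str, List[str]] = {d: [] for d in UPSTREAM}
    for dev, ups in UPSTREAM.items():
        for up in ups:
            reverse[up].append(dev)
    seen, queue = {device}, deque([device])
    while queue:
        for nxt in reverse.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def affected_vms(device: str) -> List[str]:
    """VMs placed on any server that depends on the faulty device."""
    hosts = dependents(device)
    return sorted(vm for vm, (host, _) in VM_PLACEMENT.items() if host in hosts)


def correlate(alarm: dict) -> dict:
    """Enrich a physical alarm with its cloud-side impact (VMs and tenants)."""
    vms = affected_vms(alarm["device"])
    tenants = sorted({VM_PLACEMENT[vm][1] for vm in vms})
    return {
        "device": alarm["device"],
        "severity": alarm["severity"],
        "affected_vms": vms,
        "affected_tenants": tenants,
        # A physical fault touching several tenants is a shared-infrastructure incident.
        "multi_tenant_impact": len(tenants) > 1,
    }


if __name__ == "__main__":
    # Constructed alarm record in the shape a physical-device manager might emit.
    print(correlate({"device": "tor-a", "severity": "critical", "text": "uplink down"}))
```

The reverse walk matters for security operations as much as for availability: the same mapping answers "which tenants were reachable from this compromised physical host" when an incident, rather than a hardware alarm, is being scoped.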

Deployment Architecture: Unified Management of Heterogeneous Virtualization
 Unified management of heterogeneous virtualization:

 Different heterogeneous virtualization modes are adopted for different solutions:
   Huawei FusionSphere OpenStack supports VMware vSphere, and the Huawei Unified Virtualization Platform (UVP) connects to OpenStack management platforms. In this way, resources in heterogeneous resource pools are provisioned and managed in a unified manner. vSphere adopts the OpenStack access solution provided by VMware. The access of Huawei FusionSphere is similar to that of VMware, that is, to connect to UVP by adding plug-ins to Nova/Cinder. Heterogeneous virtualization is supported through OpenStack. Therefore, the management architecture of cloud DCs is simplified and management silos are eliminated.

Contents
1. Overview of the SD-DC2 Solution
2. Unified Management of DCs
3. Security Management of DCs
4. Typical Deployment of DCs

Application Scenarios
 The security subsystem of the SD-DC2 is designed based on best practice in the industry and Huawei's expertise and experience. Objectives of the security subsystem architecture are as follows:
   Modularization
   End-to-end security
   Low coupling
   Logical isolation
   Flexible scalability
   Standards compliance

 With IT development, for example, as Web 2.0, service-oriented architecture (SOA), and cloud computing technologies emerge and mobile devices, remote access devices, browsers, plug-ins of various applications, intelligent terminals, and cloud hosts come into being, information security faces new challenges. Attacks from the intranet and extranet and system vulnerabilities are major threats to information security. The most valuable information assets are frequently attacked. As the core of information, DCs bear the brunt.
 Based on cloud computing and distributed deployment of DCs, DC elements embrace some changes, such as virtualization and boundary extension. Therefore, a systematic distributed cloud DC security solution should cover all elements, and security elements should support logical isolation. Security of all elements cannot be ensured by only traditional technologies and physical boundaries.

Deployment Architecture
 Security subsystem architecture

 This architecture provides the following security capabilities:
   Physical device security: uses the access control system, video surveillance system, and environment monitoring system to control physical access and ensure the security of data center environments and facilities.
   Network security: uses the firewall, IPS, SSL VPN, Anti-DDoS, IDS/IPS, and network isolator technologies to ensure the isolation and security of the VDC border, the VDC internal system, data, and communication. These technologies prevent data from being damaged, changed, or disclosed accidentally or intentionally. With these technologies, the system is reliable, secure, and able to run continuously without service interruption.
   Host security: protects host OSs. Hosts are protected against attacks by security hardening, antivirus software, host IPS, and host patch management.
   Virtualization security: implements virtualization layer hardening, cloud management application hardening, and VM isolation to ensure virtualization security.
   Application security: uses protection technologies, such as email protection and Web application protection, to protect the data on the application layer. These technologies prevent application data from being damaged, changed, or disclosed accidentally or intentionally.
   Data security: uses data encryption, residual data protection, data backup, and other technologies to ensure data security.
   User management: audits access requests from privileged users.
   Security management: adopts security information and event management technologies.
   Security service: covers security integration, security assessment, security optimization, and phase-specific professional services, and constructs a secure IT system for users.
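Residual data protection, listed above under data security, is the one capability in this list that is easy to show end to end in code, so here it is as an added example (an in-memory model, not the solution's storage implementation): a block volume released by one tenant stays unallocatable until it has been overwritten and the overwrite verified, so the next tenant can never read the previous tenant's data. The tenant names, the volume size, and the zero-fill choice are assumptions for the illustration.

```python
"""Residual data protection for a block storage pool: a volume released by
one tenant is overwritten and verified before it can be handed to another.
Added illustration; the store is an in-memory model."""
from typing import Dict, Optional


class VolumeStore:
    def __init__(self, volumes: int, size: int) -> None:
        self.blocks: Dict[int, bytearray] = {v: bytearray(size) for v in range(volumes)}
        self.owner: Dict[int, Optional[str]] = {v: None for v in range(volumes)}
        # New volumes start clean; a released volume is dirty until sanitized.
        self.sanitized: Dict[int, bool] = {v: True for v in range(volumes)}

    def allocate(self, tenant: str) -> int:
        """Hand out only a free volume that has been sanitized."""
        for v in self.blocks:
            if self.owner[v] is None and self.sanitized[v]:
                self.owner[v] = tenant
                return v
        raise RuntimeError("no sanitized volume available")

    def _check(self, tenant: str, vid: int) -> None:
        if self.owner.get(vid) != tenant:
            raise PermissionError(f"{tenant} does not own volume {vid}")

    def write(self, tenant: str, vid: int, offset: int, data: bytes) -> None:
        self._check(tenant, vid)
        self.blocks[vid][offset:offset + len(data)] = data

    def read(self, tenant: str, vid: int, offset: int, length: int) -> bytes:
        self._check(tenant, vid)
        return bytes(self.blocks[vid][offset:offset + length])

    def release(self, tenant: str, vid: int) -> None:
        """Return the volume to the pool; it stays unallocatable until sanitized."""
        self._check(tenant, vid)
        self.owner[vid] = None
        self.sanitized[vid] = False

    def sanitize(self, vid: int) -> bool:
        """Overwrite a released volume and verify the overwrite before marking it clean."""
        if self.owner[vid] is not None:
            raise RuntimeError("cannot sanitize a volume that is still allocated")
        buf = self.blocks[vid]
        buf[:] = bytes(len(buf))          # zero fill (a constructed choice; any
                                          # verified overwrite pattern serves)
        clean = not any(buf)              # read back and verify
        self.sanitized[vid] = clean
        return clean


def demo() -> dict:
    """Tenant A writes, releases; tenant B can only get the volume after the wipe."""
    store = VolumeStore(volumes=1, size=64)
    vid = store.allocate("tenant-a")
    store.write("tenant-a", vid, 0, b"tenant-a secret key material")
    store.release("tenant-a", vid)
    try:
        store.allocate("tenant-b")
        allocated_before_wipe = True
    except RuntimeError:
        allocated_before_wipe = False
    wiped = store.sanitize(vid)
    vid_b = store.allocate("tenant-b")
    residual = store.read("tenant-b", vid_b, 0, 28)
    return {"allocated_before_wipe": allocated_before_wipe, "wiped": wiped, "residual": residual}


if __name__ == "__main__":
    print(demo())
```

The two controls that make the model hold are the ownership check on every read and write, and the rule that a volume is never marked clean on release but only after a sanitize that verifies its own result; the verification step is what turns "we overwrite volumes" into an evidence-backed claim.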

Network Security Protection - Virtual Firewall
 A firewall can be virtualized into multiple logical firewalls, that is, virtual firewalls (vFWs). Each vFW can independently provide services for an enterprise to deploy a private network and implement security protection. Firewall virtualization maximizes firewall resource utilization. A physical firewall or VSA can be used as a vFW.

 The firewall, IDS, IPS, SSL VPN, Anti-DDoS, network antivirus gateway, and data ferry technologies are used to protect systems and communication data. These technologies prevent data from being damaged, changed, or disclosed accidentally or intentionally. With these technologies, the system is reliable, secure, and able to run continuously without service interruption.
 Traditional physical boundaries cannot meet security requirements for scenarios where VDCs are used as the main body of distributed cloud data centers. To meet the requirements of cloud technology development, network security products evolve to support virtualization as well as one-to-N device virtualization, and provide logical network security isolation. The vFW technology is the most widely used cloud technology. In addition, cloud technology-based software boundary firewalls and security groups provide comprehensive security protection.
 Each vFW can provide private routing services, security services, and configuration management services for users.
 Virtual Service Appliance (VSA)
   The VSA indicates the virtualization network boundary gateway. The VSA is deployed on a VM. The VSA provides the following functions:
   vRouters/vFWs: support L3 route forwarding, OSPF/BGP, ACL, NAT, and IPSec/GRE VPN.
   vLBs: support TCP, HTTP, and HTTPS load balancing. More than one vLB can be deployed as required.
 Huawei's Next-Generation Firewalls (NGFWs) support firewall, VPN, IDS, IPS, Anti-DDoS, antivirus gateway, anti-spam protection, and Web protection technologies. All these security protection technologies can also be virtualized.
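The three things the notes say each vFW gets for itself (private routing, its own security policy, its own configuration management) as an added example, not the product's configuration model: one chassis hosts two vFWs, each with its own interface-to-zone mapping, routing table, policy table, administrator, and rule quota, and ingress VLANs bind to exactly one vFW. The tenant names, VLAN numbers, zones, and addresses are constructed; notably both tenants use the same 10.0.0.0/24 private space, which is the situation one-to-N virtualization has to handle.

```python
"""A physical firewall hosting several vFWs: each vFW has its own zones,
routes, policy table, and administrator, so two tenants' rules and
overlapping private address spaces never interact. Added illustration;
not the product's configuration model."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class Rule:
    src_zone: str
    dst_zone: str
    dst_net: str
    proto: str                 # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int]    # None = any port
    action: str                # "permit" or "deny"


@dataclass
class VirtualFirewall:
    name: str
    admin: str
    zones: Dict[str, str] = field(default_factory=dict)     # interface -> zone
    routes: Dict[str, str] = field(default_factory=dict)    # prefix -> outgoing interface
    rules: List[Rule] = field(default_factory=list)
    max_rules: int = 100                                     # per-vFW resource quota

    def add_rule(self, admin: str, rule: Rule) -> None:
        """Only this vFW's administrator may change its policy, within its quota."""
        if admin != self.admin:
            raise PermissionError(f"{admin} cannot configure vFW {self.name}")
        if len(self.rules) >= self.max_rules:
            raise RuntimeError(f"vFW {self.name} rule quota exhausted")
        self.rules.append(rule)

    def _route(self, dst_ip: str) -> Optional[str]:
        """Longest-prefix match in this vFW's private routing table."""
        best = None
        for prefix, out_if in self.routes.items():
            net = ip_network(prefix)
            if ip_address(dst_ip) in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, out_if)
        return best[1] if best else None

    def lookup(self, in_if: str, dst_ip: str, proto: str, dst_port: Optional[int]) -> str:
        """Zone resolution, route lookup, then first-match policy with default deny."""
        src_zone = self.zones.get(in_if)
        if src_zone is None:
            return "deny: unknown interface"
        out_if = self._route(dst_ip)
        if out_if is None:
            return "deny: no route"
        dst_zone = self.zones[out_if]
        for r in self.rules:
            if ((r.src_zone, r.dst_zone) == (src_zone, dst_zone)
                    and ip_address(dst_ip) in ip_network(r.dst_net)
                    and r.proto in ("any", proto)
                    and r.dst_port in (None, dst_port)):
                return r.action
        return "deny: default"


class PhysicalFirewall:
    """Maps each ingress VLAN to exactly one vFW; traffic never crosses vFWs."""

    def __init__(self) -> None:
        self.vfws: Dict[str, VirtualFirewall] = {}
        self.vlan_to_vfw: Dict[int, str] = {}

    def create_vfw(self, name: str, admin: str, vlans: List[int]) -> VirtualFirewall:
        vfw = VirtualFirewall(name, admin)
        for vlan in vlans:
            if vlan in self.vlan_to_vfw:
                raise ValueError(f"VLAN {vlan} already bound to {self.vlan_to_vfw[vlan]}")
            self.vlan_to_vfw[vlan] = name
        self.vfws[name] = vfw
        return vfw

    def forward(self, vlan: int, in_if: str, dst_ip: str, proto: str, dst_port: Optional[int]) -> str:
        name = self.vlan_to_vfw.get(vlan)
        if name is None:
            return "deny: VLAN not bound to any vFW"
        return self.vfws[name].lookup(in_if, dst_ip, proto, dst_port)


def build_demo() -> PhysicalFirewall:
    """Two tenants with the same 10.0.0.0/24 private space behind one chassis (constructed)."""
    pfw = PhysicalFirewall()
    for name, admin, vlans in (("vfw-tenant-a", "alice", [101]), ("vfw-tenant-b", "bob", [102])):
        vfw = pfw.create_vfw(name, admin, vlans)
        vfw.zones.update({"untrust-if": "untrust", "trust-if": "trust"})
        vfw.routes.update({"0.0.0.0/0": "untrust-if", "10.0.0.0/24": "trust-if"})
    pfw.vfws["vfw-tenant-a"].add_rule("alice", Rule("untrust", "trust", "10.0.0.0/24", "tcp", 443, "permit"))
    return pfw
```

Tenant A's permit rule for TCP 443 to 10.0.0.0/24 has no effect on the identical destination seen on tenant B's VLAN, and tenant B's administrator cannot add rules to tenant A's vFW; those two properties are what "logical network security isolation" means in practice.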
Network Security Protection - Security Group
 Users can create security groups based on VM security requirements. Each security group provides a set of access rules. VMs that are added to a security group are protected by the access rules of the security group. Users need to select a security group for existing VMs to implement security isolation and access control of the original VMs.

[Figure: a DC with Host 2 and Host 3 (EC2) serving Tenants A, B, and C; VMs grouped into Security Group A, Security Group B, Security Group C, and a Default Security Group, each group spanning hosts.]

 VMs in the same security group may be distributed on different physical servers. The VMs in a security group can communicate with each other, while the VMs in different security groups cannot by default. However, the VMs in different security groups can communicate with each other after proper configuration.

Network Security Protection - VDC Network Security Protection Framework

 On VDC boundaries, vFWs (one-to-many virtualized hardware firewalls or VSAs) and network security technologies, such as vIDS, vIPS, and vAnti-DDoS, are deployed to protect the north-south traffic of the VDC. In a VDC, VPC boundaries protect the east-west traffic between VPCs using vFWs. In a VPC, the east-west traffic between applications is protected by security groups.
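The framework above and the security group semantics from the previous slide (same group: allowed; different groups: denied by default, allowed after configuration) together, as an added example that is not code from the solution: a flow is first classified as north-south, inter-VPC, or intra-VPC to pick the enforcement point, and the intra-VPC case is decided by security group rules. The VM inventory, VPC names, ports, and rules are constructed, and the vFW policies at the VDC and VPC boundaries are reduced to port allow-lists so the focus stays on the classification and on security group behaviour.

```python
"""Which enforcement point handles a flow in the VDC framework, and how
security group rules decide intra-VPC traffic. Added illustration; inventory
and rules are constructed, boundary vFW policies are simplified to allow-lists."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class VM:
    name: str
    vdc: str
    vpc: str
    groups: Set[str]


@dataclass
class SgRule:
    """Ingress rule of a security group: allow proto/port from members of
    remote_group (or from any source when remote_group is None)."""
    proto: str
    port: Optional[int]
    remote_group: Optional[str] = None


@dataclass
class Policy:
    vdc_boundary_ports: Dict[str, Set[int]] = field(default_factory=dict)        # vdc -> ports (north-south vFW)
    vpc_boundary_ports: Dict[Tuple[str, str], Set[int]] = field(default_factory=dict)  # (src_vpc, dst_vpc) -> ports
    sg_rules: Dict[str, List[SgRule]] = field(default_factory=dict)              # group -> ingress rules


def classify(src: Optional[VM], dst: Optional[VM]) -> str:
    """None stands for an endpoint outside the VDC."""
    if src is None or dst is None or src.vdc != dst.vdc:
        return "north-south"
    if src.vpc != dst.vpc:
        return "inter-vpc"
    return "intra-vpc"


def sg_allows(policy: Policy, src: VM, dst: VM, proto: str, port: int) -> bool:
    """Members of a common group may talk; otherwise an explicit ingress rule is required."""
    if src.groups & dst.groups:
        return True
    for group in dst.groups:
        for r in policy.sg_rules.get(group, []):
            if (r.proto in ("any", proto) and r.port in (None, port)
                    and (r.remote_group is None or r.remote_group in src.groups)):
                return True
    return False


def decide(policy: Policy, src: Optional[VM], dst: Optional[VM], proto: str, port: int) -> dict:
    if src is None and dst is None:
        raise ValueError("neither endpoint is in the VDC")
    kind = classify(src, dst)
    if kind == "north-south":
        inside = dst if dst is not None else src
        allowed = port in policy.vdc_boundary_ports.get(inside.vdc, set())
        point = "vFW/vIPS at VDC boundary"
    elif kind == "inter-vpc":
        allowed = port in policy.vpc_boundary_ports.get((src.vpc, dst.vpc), set())
        point = "vFW at VPC boundary"
    else:
        allowed = sg_allows(policy, src, dst, proto, port)
        point = "security group"
    return {"flow": kind, "enforced_by": point, "allowed": allowed}


def build_demo():
    """Constructed tenant: one VDC, two VPCs, a web tier in sg-web and a DB tier in sg-db."""
    vms = {
        "web1": VM("web1", "vdc-a", "vpc-front", {"sg-web"}),
        "web2": VM("web2", "vdc-a", "vpc-front", {"sg-web"}),
        "db1": VM("db1", "vdc-a", "vpc-front", {"sg-db"}),
        "bi1": VM("bi1", "vd­c-a".replace("\u00ad", ""), "vpc-analytics", {"sg-bi"}),
    }
    policy = Policy(
        vdc_boundary_ports={"vdc-a": {443}},                          # only HTTPS enters the VDC
        vpc_boundary_ports={("vpc-analytics", "vpc-front"): {3306}},  # analytics may query the DB
        sg_rules={"sg-db": [SgRule("tcp", 3306, remote_group="sg-web")]},
    )
    return vms, policy


if __name__ == "__main__":
    vms, policy = build_demo()
    print(decide(policy, vms["web1"], vms["db1"], "tcp", 3306))
    print(decide(policy, vms["bi1"], vms["db1"], "tcp", 3306))
    print(decide(policy, None, vms["web1"], "tcp", 443))
```

Two details worth noticing: rules are looked up on the destination's groups only, so db1 accepting 3306 from sg-web does not let db1 open SSH to the web tier, and the "proper configuration" the slide mentions is exactly that one ingress rule, nothing on the source side.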

Network Security Protection - Other Methods
 Anti-spoofing of IP addresses and MACs: IP address-MAC address binding prevents the spoofing initiated by changing the IP addresses and MACs of a VM NIC, thereby enhancing the network security of user VMs.
 DHCP isolation: DHCP isolation of VMs is supported. DHCP isolation prohibits users from unintentionally or maliciously enabling a DHCP server service that affects VM IP address assignment.
 Broadcast packet suppression: In server consolidation and desktop cloud scenarios, if broadcast packet attacks occur due to network attacks or virus attacks, network communication may be abnormal. In this case, broadcast packet suppression can be enabled for virtual switches.

g.
n i n
Copyright © 2017 Huawei Technologies Co., Ltd. All rights reserved.
ar Page 21

l e
: //
h ttp
s :
r ce
s ou
Re
n g
r ni
e a
e L
or
M
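The three protections above, modelled as ingress checks on a virtual switch port. This is an added example, not FusionSphere code: the frame fields, the port binding table, the broadcast threshold and the sample traffic are all constructed for illustration.

```python
"""Toy model of the three virtual-switch protections listed on the slide:
IP/MAC binding (anti-spoofing), DHCP isolation and broadcast suppression.
Added example: the frame fields, port table and thresholds are constructed
for illustration and are not the FusionSphere implementation."""
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
DHCP_SERVER_PORT = 67  # UDP source port of DHCP OFFER/ACK replies


@dataclass(frozen=True)
class Frame:
    port: str           # vSwitch port the frame arrived on (a VM NIC)
    ts_ms: int          # arrival time in milliseconds
    src_mac: str
    dst_mac: str
    src_ip: str = ""    # empty for non-IP frames
    udp_sport: int = 0  # 0 when the frame is not UDP


class PortGuard:
    """Ingress checks a virtual switch applies to a VM port before forwarding."""

    def __init__(self, bindings, bcast_limit=5, window_ms=1000):
        # bindings: port -> (MAC, IP) assigned to the VM NIC when it was created
        self.bindings = bindings
        self.bcast_limit = bcast_limit  # broadcast frames allowed per window
        self.window_ms = window_ms
        self._bcast_times = defaultdict(deque)

    def check(self, f: Frame) -> str:
        """Return "ok" (forward) or the reason the frame is dropped."""
        if f.port not in self.bindings:
            return "unknown-port"
        mac, ip = self.bindings[f.port]
        # 1. Anti-spoofing: source MAC and IP must match the NIC binding.
        if f.src_mac != mac:
            return "mac-spoof"
        if f.src_ip and f.src_ip != ip:
            return "ip-spoof"
        # 2. DHCP isolation: a VM port may never emit DHCP server replies.
        if f.udp_sport == DHCP_SERVER_PORT:
            return "rogue-dhcp-server"
        # 3. Broadcast suppression: sliding-window rate limit per port.
        if f.dst_mac == BROADCAST:
            recent = self._bcast_times[f.port]
            while recent and f.ts_ms - recent[0] >= self.window_ms:
                recent.popleft()  # forget broadcasts outside the window
            if len(recent) >= self.bcast_limit:
                return "broadcast-suppressed"
            recent.append(f.ts_ms)
        return "ok"

    def run(self, frames):
        """Check frames in arrival order; returns one verdict per frame."""
        return [self.check(f) for f in sorted(frames, key=lambda x: x.ts_ms)]


def demo():
    """Constructed traffic from two VM ports, including the abuse cases."""
    bindings = {
        "port1": ("52:54:00:00:00:01", "10.0.0.11"),
        "port2": ("52:54:00:00:00:02", "10.0.0.12"),
    }
    vm1, vm2 = bindings["port1"][0], bindings["port2"][0]
    frames = [
        Frame("port1", 0, vm1, vm2, "10.0.0.11"),        # normal unicast
        Frame("port1", 100, vm1, vm2, "10.0.0.12"),      # VM1 claims VM2's IP
        Frame("port2", 200, vm1, vm1, "10.0.0.11"),      # VM2 forges VM1's MAC
        Frame("port2", 300, vm2, vm1, "10.0.0.12", 67),  # DHCP OFFER sent by a VM
    ]
    # six broadcasts from VM2 within one second, then one after the window
    frames += [Frame("port2", t, vm2, BROADCAST, "10.0.0.12")
               for t in (400, 500, 600, 700, 800, 900, 1650)]
    return PortGuard(bindings).run(frames)


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```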
Virtualization-based Antivirus Software Without Agents

[Figure: agentless antivirus architecture. An antivirus management center on the administrator host manages an antivirus engine running in a security VM. The security VM and each user VM contain a security monitoring driver and service and a shared memory driver; the hypervisor's antivirus function and a transmission channel link them, under the virtualization management layer. Legend: light red = provided by the antivirus vendor; yellow = provided by the virtualization platform vendor; gray blue = existing capability of the virtualization vendor; blue API = between the virtualization vendor and the antivirus vendor; pink API = between internal modules of the antivirus vendor; green API = between internal modules of the virtualization vendor.]

 The Huawei FusionSphere virtualization platform provides APIs for antivirus vendors to
perform secondary development and build virtualization antivirus solutions. These
solutions allow users to remove viruses by deploying an antivirus engine in a dedicated security
VM and installing a lightweight driver on each local VM. Antivirus software integration
verification has been performed for Rising, Trend Micro, and Kaspersky virtualization
antivirus software. Antivirus software without agents supports Windows-based cloud hosts.

 The antivirus software without agents has the following two advantages:
 Simpler virus library management: only the security VM needs to be managed,
instead of installing and updating the virus library on each VM.
 Virus scan results are shared by all VMs of a host, which improves virus scanning
efficiency.
TPM Integrity Protection

[Figure: TPM integrity protection. On a compute node, the trust chain starts at the hardware (TPM, ROM, BIOS), passes through the boot section/bootloader and the virtualization platform/hypervisor, and ends at the applications/VMs. Root of trust for measurement, option 1: UEFI/BIOS secure boot; option 2: Intel TXT CPU security extension. The TPM also holds the root of trust for storage and the root of trust for reporting. Measurements are transferred along the trust chain to the virtualization management server, which stores the metrics and reports them to a trusted verification server; the verification server returns the trusted status.]

 A cloud operating system is tailored and hardened, and security settings are applied to
effectively improve security. However, security risks such as security vulnerabilities caused by
code defects cannot be prevented. Therefore, a cloud operating system integrity protection
solution is required to prevent security vulnerabilities from being exploited. The Huawei cloud
platform supports hardware TPM chip-based integrity verification, which can protect the
integrity of hosts and VMs as well as handle damage in a timely manner to protect user data.

 The integrity protection solution ensures that untampered software with the correct
configuration is always running on the virtualization platform. The TPM provides the root of
trust of computing nodes. The startup and running of virtualization operating systems and host
operating systems are based on this root of trust. Based on level-by-level integrity measurement
along the trust chain, trusted VM services are provided.
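The level-by-level measurement and the verification server's check, as an added example that is not Huawei's or the TCG's code: a single PCR is extended stage by stage during boot, and the verifier replays the reported measurement log against golden values. The stage names, image contents and the single-PCR simplification are constructed for illustration.

```python
"""Model of the measured-boot trust chain on the slide: each stage measures
the next into a TPM PCR before handing over, and the trusted verification
server replays the reported measurement log against known-good values.
Added example: the stage names, images and single-PCR simplification are
constructed for illustration; this is not Huawei's or the TCG's code."""
import hashlib

# Order in which the trust chain measures components on the compute node.
TRUST_CHAIN = ("bootloader", "hypervisor", "host_os", "vm_image")
PCR_RESET = bytes(32)  # a PCR reads all-zero after platform reset


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || measurement). A PCR can only be
    extended, never set, so a later stage cannot erase an earlier measurement."""
    return sha256(pcr + measurement)


def measured_boot(images: dict) -> tuple:
    """Simulate boot on the compute node. Returns the final PCR value (what the
    TPM quote reports) and the measurement log that accompanies it."""
    pcr, log = PCR_RESET, []
    for stage in TRUST_CHAIN:
        digest = sha256(images[stage])  # previous stage measures this one ...
        log.append((stage, digest))
        pcr = pcr_extend(pcr, digest)   # ... and records it before running it
    return pcr, log


def verify(reported_pcr: bytes, log: list, golden: dict) -> dict:
    """Verification server: replay the log, check it reproduces the reported
    PCR, then check every entry against the golden measurement list."""
    replay = PCR_RESET
    for _, digest in log:
        replay = pcr_extend(replay, digest)
    if replay != reported_pcr:
        return {"trusted": False, "reason": "log does not reproduce PCR"}
    for stage, digest in log:
        if golden.get(stage) != digest:
            return {"trusted": False, "reason": f"{stage} measurement unknown"}
    return {"trusted": True, "reason": "all stages match golden values"}


def demo() -> dict:
    """Three attestations: a clean node, a node whose hypervisor was modified,
    and a node that reports a clean-looking log with its real PCR value."""
    good = {s: f"known-good {s} image".encode() for s in TRUST_CHAIN}
    golden = {s: sha256(img) for s, img in good.items()}

    pcr, log = measured_boot(good)
    clean = verify(pcr, log, golden)

    modified = dict(good, hypervisor=b"modified hypervisor image")
    pcr2, log2 = measured_boot(modified)
    tampered = verify(pcr2, log2, golden)

    # The PCR cannot be rewritten from software, so substituting the golden
    # log for the real one is caught by the replay step.
    forged = verify(pcr2, log, golden)
    return {"clean": clean, "tampered": tampered, "forged_log": forged}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```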
Contents
1. Overview of the SD-DC2 Solution

2. Unified Management of DCs

3. Security Management of DCs

4. Typical Deployment of DCs
Single DC Deployment

[Figure: single DC deployment. An external area connects to a background maintenance area with optional DDoS traffic cleaning. Two network service areas each contain a firewall and load balancing. Below them are the aggregation layer and the access layer, which serve the operation management (O&M management) area, the DMZ area, and the service area. The storage network connects the servers to the storage resources.]
Architecture Overview (1)
 The DC adopts a flat two-level architecture design. The internal switching structure is simple and clear.
The DC network consists of the aggregation layer and the access layer.

 The single DC is divided into four areas based on the network logical functions: external area,
aggregation area, network service area, and access area. The external area connects to the Internet
and VPN. The aggregation area is the switching core of the DC and consists of high-performance
switches. The network service area provides value-added services, such as firewalls, load balancing,
and VPN. The access area provides access for DC server nodes.

 In the aggregation layer, frame switches are used to form a cluster, and multiple switches are
logically virtualized into one switch to implement device redundancy. Only one management IP
address is required to manage the devices.

 The CSS+iStack+Eth-Trunk mode is used to construct a reliable and flat two-level loop-free network
with a low aggregation ratio.

 In the aggregation layer, the VRF technology is used to logically isolate the network area and the
service area at Layer 3.
Architecture Overview (2)
 With the virtualization function, vFWs, VLBs, and virtual switches are provided
to meet user requirements on virtualization and isolation.

 At the access layer, the VLAN technology is used to implement Layer 2 isolation.

 Servers can be blade servers or rack servers. If blade servers are used, the blade
servers connect to the core switch through the switching backplane. If rack
servers are used, the rack servers connect to the core switch through the access
switch.

 Storage devices connect to the storage plane ports of servers through Fibre
Channel switches over the FC SAN, or connect to the storage plane ports of
servers through the IP switch over the IP SAN. All servers share storage devices.
Architecture Overview
 Management deployment: ManageOne, the SD-DC2 management software, is deployed
in a third place or OperationCenter. ManageOne manages other DCs through dedicated
links and centrally allocates and schedules resources.

 Confidentiality, reliability, and low latency are ensured for data flows during service
provisioning.

 DC interconnection architecture: Both DCs can interconnect with each other through the
Internet, MPLS network, MAN, or bare fibers.

 When DCs are interconnected through the Internet or MAN, Layer 3 routes are used.

 When DCs are interconnected through the MPLS network, boundary routers are provided with
MCEs to construct Layer 3 network interconnection.

 When DCs are interconnected through bare fibers, the core switch is used to implement Layer 2
interconnection.

 One set of DC2 management software is deployed. Multiple virtualization platforms are
deployed for multiple DCs. The management software centrally manages and schedules DC
resources. For details about the deployment of other components, see the recommendations for
single DC deployment.
Quiz
1. What are the features of SD-DC2?

2. How are DC services protected?
Thank You
www.huawei.com
Huawei HyperMetro Solution

www.huawei.com

Copyright © 2017 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
 Upon completion of this course, you will be able to understand:
 Overview of Huawei HyperMetro Solution

 Design of Huawei HyperMetro Solution

 Technical principles of Huawei HyperMetro Solution

 Service failover process in the active-active data center
Contents
1. Introduction to Huawei HyperMetro Solution

2. Key Technologies of Huawei HyperMetro Solution

3. Fault Scenarios
Introduction to Huawei HyperMetro Solution
 In an active-active DC solution, both DCs run concurrently to share service loads,
improving DC performance and system resource utilization.

 There are two active-active modes in the current storage industry: the active-passive (AP)
mode and the active-active (AA) mode.

 In the active-passive mode, some services run on DC A with DC B as the hot backup, while other
services run on DC B with DC A as the hot backup, which achieves an approximate active-active
effect.

 The active-active mode delivers real active-active capabilities. All I/O paths are allowed to access
an active-active LUN, service loads are balanced, and seamless failover can be performed.

 Huawei HyperMetro Solution uses an active-active architecture and is based on the
HyperMetro function of OceanStor V3 storage systems. Interworking with other
computing and network components, the solution delivers active-active capabilities for
DCs.

 Huawei HyperMetro Solution uses an active-active architecture and is based on the industry-
leading HyperMetro function of OceanStor V3 storage systems. The solution delivers active-
active capabilities for DCs deployed within 100 km by interworking with web and database
clusters, load balancing components, transfer devices, networks, and other components. The
solution ensures automatic failover with zero service awareness in case of device failures or
even single-DC failures. In addition, it boasts a zero Recovery Point Objective (RPO) and zero
Recovery Time Objective (RTO) (the RTO depends on the application system and the deployment
mode).
Huawei HyperMetro Solution Architecture
 Huawei's end-to-end HyperMetro Solution is divided into six
layers, namely, storage, computing, application, network,
transport, and security layers.

 The solution applies proper designs to each layer for better reliability, performance, and load
balancing, as follows:
 Storage layer
 Gateway-free active-active architecture
 The HyperMetro feature of OceanStor V3 storage arrays enables the solution to
achieve storage-layer active-active capabilities, reduce the solution's fault points, and avoid
I/O performance bottlenecks caused by storage virtualization gateways.
 The SmartVirtualization feature of OceanStor V3 storage arrays enables the solution to
take over existing heterogeneous storage devices and virtualize different storage
resources into pools.
 The FastWrite function enables the solution to reduce the round trips of a standard
write I/O process from two to one, thereby improving write performance.
 The network self-adaptation function enables the solution to improve active-active
performance when link performance is uneven.
 Network layer
 The Ethernet Virtual Network (EVN) technology of Huawei CloudEngine series DC
switches is used.
 This technology enables protocols of the Layer 2 network to run over the Layer 3
network and ensures cross-DC service interconnection and communication.
 Interconnection optimizations enable the isolation of broadcast domains and optimize
the east-to-west traffic between DCs.
 Access optimizations, such as active-active gateways and route injection, optimize the
north-to-south traffic between DCs.
 Security layer
 The security layer uses Huawei USG series devices to provide security protection functions
such as FW and IDS for DCs.
 Computing layer
 The computing layer uses virtualization platforms such as FusionSphere and VMware
to provide cross-DC clustering, thereby enabling multiple mission-critical applications
to run in active-active mode.
 Application layer
 The application layer uses virtual cluster-based web and application servers to deliver higher
reliability and achieves automatic service switchover by using load balancing.
 The database achieves cross-site clustering and active-active deployment by using
active-active LUNs.
 Transport layer
 The transport layer uses the Huawei OptiX OSN series as the wavelength division
device for active-active DCs.
 Three 1+1 protection schemes (line redundancy, card redundancy, and device
redundancy) are used to meet reliability requirements of varied levels.
 Latency optimization methods, such as dispersion compensation, are used to ensure
minimum transport-layer delay.
Huawei HyperMetro Solution Deployment (1)
 Overall physical networking of Huawei HyperMetro Solution:
Huawei HyperMetro Solution Deployment (2)
 Module deployment:
 Storage layer
 Two storage arrays (OceanStor V3 series) are deployed across two DCs to form a storage cluster.

 One OceanStor V3 storage system takes over LUNs from a third-party storage system. Then, a third-party
LUN and a LUN on another OceanStor V3 storage system form active-active LUNs.

 Network layer

 The network layer uses Huawei CloudEngine DC switches as core switches.

 The DCs adopt a typical Layer 2 or Layer 3 physical architecture for networking, enabling the EVN to form a
Layer 2 channel. Links from the core switches are aggregated to the wavelength division device using CSS+ links.

 On the network layer, each site is deployed with an independent GSLB for load balancing between sites.

 Each site is deployed with two server load balancers (SLBs) to form an HA cluster for load balancing on
application layer servers.
Huawei HyperMetro Solution Deployment (3)
 Module deployment:
 Application layer
 Web and applications can be deployed on virtual machines (VMs) or physical machines. Multiple servers in a
DC or across DCs form a cluster.

 You are advised to deploy databases on physical machines and enable them to form a cluster across DCs.

 Computing layer

 Virtualization platforms such as Huawei FusionSphere and VMware provide the cross-DC clustering
technology.

 Security layer

 Each site is deployed with two Huawei USG series firewalls, and the firewalls are connected to core switches.

 Transmission encryption is enabled on Huawei OptiX OSN series DWDMs.
Huawei HyperMetro Solution Deployment (4)
 Module deployment:
 Transport layer
 The transport layer uses Huawei OptiX OSN series DWDM devices. Two wavelength division
devices are deployed at each site.

 If devices cannot be deployed in redundancy mode, deploy at least two transmission boards
on each wavelength division device for card redundancy.

 Multiplex the Fibre Channel and IP signals from multiple channels onto fiber links. Connect each
wavelength division device with two pairs of bare fibers.

 Quorum site

 Deploy quorum devices and software at a third-party site.

 The software can be installed either on a physical server or on a VM.

 Connect the quorum server to the two storage arrays in the active-active DCs through an IP
network.
Customer Benefits
 Benefits of the six-layer HyperMetro Solution:
 End-to-end active-active DC solution design: Huawei provides the end-to-end design to ensure
quick service rollout.

 Huawei Active-Active Disaster Recovery Data Center Solution adopts a gateway-free active-active
architecture and enables services to run around the clock. The solution minimizes the number of
failure points to offer higher system reliability. In addition, the solution is powered by active-
active capabilities that allow concurrent reads and writes at both data centers.

 Active-active I/O optimization and the gateway-free active-active architecture minimize the I/O
processing path. Lock prefetch optimization, storage protocol optimization, and site access
optimization significantly improve active-active service performance.

 Existing devices are reused to reduce investment. Third-party storage devices can be taken over
at the storage layer, and servers on virtualization platforms (such as FusionSphere) can be reused
at the computing layer.

 Huawei HyperMetro Solution has the following highlights:
 Active-active architecture, ensuring zero data loss and zero downtime upon a DC
failure (RPO = 0, RTO = 0)
 Both DCs process services, fully utilizing BC&DR resources
 Heterogeneous storage systems supported, protecting existing investments
 Unified and visual management of devices from different vendors
Contents
1. Introduction to Huawei HyperMetro Solution

2. Key Technologies of Huawei HyperMetro Solution

 Active-active Storage Layer

 Active-active Computing Layer

 Active-active Application Layer

 Active-active Network Layer

 Security-layer Technologies

3. Fault Scenarios

 Huawei HyperMetro Solution adopts the following technologies:
 Storage layer: HyperMetro for active-active capabilities
 Computing layer: Virtualization technologies such as FusionSphere and VMware to
provide the VM HA feature for automatic recovery upon faults
 Application layer: Application clustering and database clustering technologies for
active-active capabilities
 Network layer: Layer 2 interconnection technologies such as DWDM and EVN for low-
latency, highly reliable Layer 2 network interconnection; path optimization technologies
such as active-active gateways of network devices and RHI; global load balancing and
server load balancers for nearest active-active access or high-availability network
switching
 Transport layer: Device redundancy and board redundancy to establish reliable active-
active transport networks

 Security layer: Firewall and security policy planning and design to ensure access
security; transport-layer encryption to ensure cross-DC data transmission security
Active-active Storage Layer
 In comparison to active-passive solutions, Huawei Active-Active DC Solution
fully utilizes computing resources, effectively reduces inter-array
communication, and greatly shortens I/O paths, which yields higher access
performance and faster failover.

 The storage layer of Huawei HyperMetro Solution is implemented based on the HyperMetro
feature of Huawei OceanStor V3 enterprise unified storage systems. Huawei uses an active-
active architecture to integrate two storage arrays into a cross-site cluster to achieve real-
time data mirroring. HyperMetro also boasts robust reliability, high performance, and flexible
scalability.

 HyperMetro delivers active-active service capabilities based on two storage arrays. Data
on the active-active LUNs at both ends is synchronized in real time, and both ends process
read and write I/Os from application servers to provide the servers with non-differentiated
parallel active-active access. When either storage array encounters a fault, services are
seamlessly switched to the other end without interrupting service access.
Gateway-free Design
 Requiring no additional virtual gateways, the HyperMetro active-active architecture
directly groups two storage arrays into a cross-site cluster system. A maximum of 32
storage controllers are supported, that is, two 16-controller storage arrays can be used to
establish an active-active relationship. This solution is refined in architecture and well
compatible with value-added storage features. It delivers the following benefits to
customers:
 Reduced number of gateway-related fault points and enhanced solution reliability

 Faster I/O response (latency caused by gateway forwarding is eliminated because I/Os are not
forwarded by gateways)

 Superb compatibility with existing features of Huawei storage systems. Joint use of HyperMetro
and other Smart- or Hyper-series features of Huawei OceanStor V3 enterprise unified storage
systems can provide a wide range of data protection and BC&DR solutions for customers.

 Simplified network and easier maintenance
Storage-layer Network
 Fibre Channel and IP links are supported between storage arrays (Fibre Channel
links recommended). IP links, which are easier to obtain, are used for the
connection between a storage array and a quorum server.

 High-reliability link design
 HyperMetro supports Fibre Channel and IP networks between storage arrays. The
network configuration depends on users' network conditions. Storage arrays can be
connected directly or through a Fibre Channel or IP switch. For greater active-active
performance, Fibre Channel networks are recommended.
 In a cross-DC 2-node+2-node active-active network, it is advised to establish two inter-
array mirroring links between each controller and the storage array at the other end.
In addition, the switches of the two links must be isolated for higher link reliability.
Robust Reliability
 Based on the high-reliability design of OceanStor storage systems,
HyperMetro applies new solution-level reliability technologies to
maximize the solution reliability. These technologies are as
follows:
 Cross-site clustering

 Cross-site real-time data mirroring

 Cross-site bad block repair

 Split-brain prevention by arbitration
High Reliability - Cross-site Clustering
 Active-active cross-site clustering:

 Two independent storage arrays form a cross-site cluster and deliver an active-active
architecture. Centered on the cluster, each array can be concurrently accessed by application
servers and process I/Os from application servers.

 It is easy to configure an active-active cross-site cluster: the two storage arrays are configured
as active-active domains.

 The cross-site cluster system uses Fibre Channel or IP links between the storage arrays to
establish a global node view and monitor device statuses. Based on the global view, the
cluster offers capabilities such as distributed mutual exclusion and supports the active-active
architecture.

 Clustered nodes support concurrent access. If a controller is faulty, services on the controller
are switched to other functional local controllers. If all local controllers are malfunctioning,
services are switched to the other cluster.

 Based on cross-site clustering, HyperMetro provides services and manages task statuses on the
basis of active-active pairs or consistency groups.

 Active-active member LUNs from two storage arrays form a virtual active-active LUN. A real-
time mirroring technology maintains real-time data consistency between active-active
member LUNs from the two storage arrays.
 A consistency group is a collection of active-active pairs, ensuring data consistency in the
scenario where a host writes data to multiple LUNs on a single storage system.

 When you split or synchronize a consistency group, all active-active pairs in the group are
split or synchronized at the same time. If a link fault occurs, all member pairs enter the
interrupted state. After the fault is rectified, data synchronization is implemented for all pairs
to ensure the availability of data on the secondary storage array.

High Reliability - Cross-site Real-time Data Mirroring
 HyperMetro uses cross-site real-time data mirroring to ensure real-time data
synchronization between the storage arrays at two sites. Data is written to the
member active-active LUNs in both DCs at the same time with the real-time
mirroring technology to ensure real-time data consistency. The write I/O
process is as follows:

 If DC A receives a write I/O, the mirroring process is as follows:
 Applying for the write permission and recording the request in a log: When the storage
array in DC A receives a write request from a host, the storage array applies for the
write permission for the request. After obtaining the write permission, the active-active
pair logs the write request. The log records the address information instead of the
data content. The log uses memory space with power failure protection for optimal
performance.
 Performing dual write: The write request is copied first and then written into the local
LUN and the cache of the remote LUN.
 Waiting for dual-write results: The host waits for the write results to be returned from
the LUNs at both ends.
 Responding to the host: A message indicating that the write I/O request processing is
complete is returned by the active-active pair.
 HyperMetro supports resumable data transfer. In a fault scenario (such as a faulty storage
array system) where a pair is disconnected, HyperMetro logs the newly generated write I/Os.
After the fault is rectified, HyperMetro automatically recovers the pair and synchronizes only
incremental data to the remote end. The whole process is transparent to the host and does
not affect host services.
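The four-step write path and the resumable transfer described above, as an added simulation that is not OceanStor code: the in-memory LUNs, the pair object, the address-only log and the injected remote-array failure are constructed for illustration.

```python
"""Simulation of the HyperMetro write path (write permission, address log,
dual write, wait, respond) and of resumable transfer after the pair is
disconnected. Added example: the in-memory LUNs, the pair object and the
fault injection are constructed for illustration and are not OceanStor code."""


class Lun:
    """One member LUN of an active-active pair, held in memory."""

    def __init__(self, name: str, blocks: int = 8):
        self.name = name
        self.blocks = [b""] * blocks
        self.online = True

    def write(self, addr: int, data: bytes):
        if not self.online:
            raise ConnectionError(f"{self.name} unreachable")
        self.blocks[addr] = data


class ActiveActivePair:
    def __init__(self, local: Lun, remote: Lun):
        self.local, self.remote = local, remote
        self.locked = set()    # addresses whose write permission is held
        self.log = set()       # addresses logged (no data) until dual write completes
        self.connected = True  # False once the pair enters the interrupted state

    def host_write(self, addr: int, data: bytes) -> str:
        # 1. Apply for the write permission and record the request in the log.
        if addr in self.locked:
            raise RuntimeError("address locked by a concurrent write")
        self.locked.add(addr)
        self.log.add(addr)
        try:
            # 2. Dual write: local LUN, then the remote LUN's cache.
            self.local.write(addr, data)
            if self.connected:
                try:
                    self.remote.write(addr, data)
                    # 3. Both results are back: the log entry is no longer needed.
                    self.log.discard(addr)
                except ConnectionError:
                    self.connected = False  # pair interrupted; entry stays logged
        finally:
            self.locked.discard(addr)
        # 4. Respond to the host. The host sees success either way.
        return "ok"

    def resume(self) -> int:
        """After the fault is rectified, sync only the logged addresses."""
        if not self.remote.online:
            return 0
        for addr in sorted(self.log):
            self.remote.write(addr, self.local.blocks[addr])
        synced, self.log = len(self.log), set()
        self.connected = True
        return synced

    def consistent(self) -> bool:
        return self.local.blocks == self.remote.blocks


def demo() -> dict:
    """Constructed scenario: three writes, remote array failure, three more
    writes (one repeating an address), recovery and incremental resync."""
    pair = ActiveActivePair(Lun("DC-A"), Lun("DC-B"))
    for addr in (0, 1, 2):
        pair.host_write(addr, f"v1-block{addr}".encode())
    before_fault = pair.consistent()

    pair.remote.online = False  # DC B array becomes unreachable
    acks = [pair.host_write(a, f"v2-block{a}".encode()) for a in (3, 4, 1)]
    logged = sorted(pair.log)   # addresses only, deduplicated
    during_fault = pair.consistent()

    pair.remote.online = True   # fault rectified
    synced = pair.resume()
    return {
        "before_fault": before_fault,
        "host_acks_during_fault": acks,
        "logged_addresses": logged,
        "consistent_during_fault": during_fault,
        "blocks_resynced": synced,
        "consistent_after_resume": pair.consistent(),
    }


if __name__ == "__main__":
    print(demo())
```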
High Scalability - Extendable to Geo-redundant 3DC Solution
 Interworking with Smart- and Hyper- features on OceanStor V3 storage systems,
HyperMetro provides a range of data protection and DR solutions. The three-
data-center (3DC) DR solution is as follows:

 In recent years, the world has frequently been hit by severe natural disasters. Under such
conditions, 3DC DR solutions receive more attention and acceptance.
 A 3DC solution usually contains a production center, an intra-city DR center, and a remote DR
center. Users can store the same data in the three centers.
 The 3DC DR solution is implemented through the interworking of HyperMetro,
HyperReplication (a feature of OceanStor unified storage systems), and BCManager. If the
production center encounters a disaster, a primary/secondary switchover is implemented in
the intra-city DR center. Meanwhile, the two centers keep a DR relationship with the remote
DR center. If both the production center and the intra-city DR center suffer a disaster, the
remote DR center can perform a primary/secondary switchover on the remote replication to
take over services.
 Compared with the traditional synchronous replication + asynchronous replication 3DC
solution, the active-active + asynchronous replication 3DC solution features higher resource
utilization and faster failover. When the active-active DC solution is applied to intra-city DR,
the load of a critical service is balanced between two DCs, ensuring zero service interruption
and data loss when a DC malfunctions. The active-active DC solution can be smoothly extended
to the geo-redundant 3DC solution. You can implement intra-city active-active DR first, and then
add asynchronous replication after the remote DC is set up to realize remote application
protection.
 In a 3DC solution, BCManager provides DR topology and end-to-end monitoring to simplify
DR management. The intuitive display of disaster recovery solution status and changes and
the real-time device monitoring enable you to identify and rectify faults before a service
failover, preventing unnecessary failover operations that adversely affect ongoing services
and increase disaster recovery costs.

High Scalability - Heterogeneous Active-Active
 By interworking with SmartVirtualization of OceanStor V3 converged storage
systems, HyperMetro provides heterogeneous array protection.

 SmartVirtualization uses LUNs mapped from heterogeneous storage systems to the local
storage system as logical disks (LDs) that provide storage space for the local storage
system, and creates eDevLUNs on the LDs that can be mapped to the host. LDs provide data
storage space for data volumes, and the local storage system provides storage space for
metadata volumes of eDevLUNs. SmartVirtualization protects the data integrity of external
LUNs. eDevLUNs and LUNs of heterogeneous storage arrays have unique World Wide Names
(WWNs).
 eDevLUNs and local LUNs have the same properties. Therefore, LUNs taken over using
heterogeneous virtualization can provide the active-active function for heterogeneous LUNs
using HyperMetro.
High Scalability - Local Protection (1)
 Active-active solution with snapshot protection:

n
/e
o m
ei.c
w
hua
g.
n i n
 In the event of virus attacks or misoperations, data in the DCs may be damaged. The virtual
snapshot technology activates the snapshot of current data volumes before any operation is
performed to protect local data.
 HyperSnap uses the copy-on-write (COW) technology to copy only changed data to the
snapshot volume, consuming less system resources. If data on the original volumes is
modified or deleted by mistake and needs to be restored, snapshots can be used to roll back
and restore the data on the original volumes. In addition, the snapshot volume can be
mapped to hosts for data testing and mining without affecting production services.
 Interworking with Huawei DR management software, the solution performs a full check on
databases before snapshots are activated. After data is flushed onto disks, snapshots are
activated to ensure that snapshot data is consistent with the data in the databases and
databases can be started promptly.
 The interworking of HyperMetro and HyperSnap provides snapshot protection for member
active-active LUNs on the storage arrays at both ends.
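The copy-on-write behaviour described above, as an added Python model written for this page (it is not HyperSnap or any other Huawei code). The volume name, block sizes and the sequence of writes are constructed; the point it shows is that the snapshot volume only ever holds the first pre-change copy of each block, so the space it consumes is bounded by what changed, while a rollback after a misoperation still restores the full point-in-time image.

```python
"""Toy copy-on-write (COW) snapshot of a block volume (added example, not Huawei code)."""

from typing import Dict, List


class Volume:
    """A block volume: a list of fixed-size byte blocks (constructed sizes)."""

    def __init__(self, name: str, blocks: List[bytes]):
        self.name = name
        self.blocks = list(blocks)
        # Snapshots activated on this volume, oldest first.
        self.snapshots: List["CowSnapshot"] = []

    def read(self, index: int) -> bytes:
        return self.blocks[index]

    def write(self, index: int, data: bytes) -> None:
        # COW: before a block is overwritten, hand its current content to every
        # active snapshot that has not yet preserved that block.
        for snap in self.snapshots:
            snap.preserve(index, self.blocks[index])
        self.blocks[index] = data

    def delete(self, index: int) -> None:
        # A "deleted by mistake" block is modelled as a zero-filled overwrite.
        self.write(index, b"\x00" * len(self.blocks[index]))


class CowSnapshot:
    """Point-in-time view of a volume that stores only the blocks changed after activation."""

    def __init__(self, source: Volume):
        self.source = source
        # Snapshot volume: block index -> original content, filled lazily on write.
        self.saved: Dict[int, bytes] = {}
        source.snapshots.append(self)  # activation: from now on writes are tracked

    def preserve(self, index: int, original: bytes) -> None:
        if index not in self.saved:  # only the first change of a block is copied
            self.saved[index] = original

    def read(self, index: int) -> bytes:
        # Unchanged blocks are served from the source volume, changed ones from the
        # snapshot volume, so the snapshot can be mapped to a test host without a full copy.
        return self.saved.get(index, self.source.blocks[index])

    def snapshot_space(self) -> int:
        """Bytes actually consumed by the snapshot volume."""
        return sum(len(b) for b in self.saved.values())

    def rollback(self) -> None:
        """Restore the source volume to the snapshot's point in time."""
        for index, original in self.saved.items():
            self.source.blocks[index] = original
        self.saved.clear()


def demo() -> dict:
    # Constructed 4-block volume with 4-byte blocks.
    vol = Volume("lun-01", [b"AAAA", b"BBBB", b"CCCC", b"DDDD"])
    snap = CowSnapshot(vol)   # activated before the risky operation
    vol.write(1, b"bbbb")     # legitimate change: block 1 copied once
    vol.delete(2)             # misoperation: block 2 copied once
    vol.write(1, b"b2b2")     # second change to block 1: no additional copy
    before = {
        "space": snap.snapshot_space(),               # 8 bytes: blocks 1 and 2 only
        "snap_view": [snap.read(i) for i in range(4)],  # still the original image
        "prod_view": list(vol.blocks),
    }
    snap.rollback()
    return {"before": before, "after": list(vol.blocks)}
```

The `snap_view` / `prod_view` pair is the "mapped to a test host" case: both views exist at once from one set of blocks. A rollback is a write of the preserved blocks back to the source, which is why the database must be quiesced and flushed before the snapshot is taken, as the notes say.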
High Scalability - Local Protection (2)
 Active-active with HyperMirror protection:

 HyperMirror is a continuous data protection technology. It creates two physical mirror copies
for a LUN to provide continuous LUN backup and protection without affecting the
applications running on the host side. If one mirror copy is unavailable, the storage system
can access the other mirror copy, ensuring normal running of host services and preventing
data loss. Huawei OceanStor V3 storage systems allow users to create mirror copies for LUNs
from third-party storage systems, thereby enhancing the reliability of the LUNs.
 Interworking with HyperMirror, HyperMetro allows users to create active-active pairs based
on mirrored LUNs. The interworking taps the advantages of local and remote data protection
to provide higher-level service continuity protection.
Contents
1. Introduction to Huawei HyperMetro Solution

2. Key Technologies of Huawei HyperMetro Solution
 Active-active Storage Layer
 Active-active Computing Layer
 Active-active Application Layer
 Active-active Network Layer
 Security-layer Technologies

3. Fault Scenarios
 Huawei HyperMetro Solution adopts the following technologies:
 Storage layer: HyperMetro for active-active capabilities
 Computing layer: Virtualization technologies such as FusionSphere and VMware to
provide the VM HA feature for automatic recovery upon faults
 Application layer: Application clustering and database clustering technologies for
active-active capabilities
 Network layer: Layer 2 interconnection technologies such as DWDM and EVN for
low-latency, highly reliable Layer 2 network interconnection; path optimization technologies
such as active-active gateways of network devices and RHI; global load balancing and
server load balancers for nearest active-active access or high-availability network
switching
 Transport layer: Device redundancy and board redundancy to establish reliable active-
active transport networks
 Security layer: Firewall and security policy planning and design to ensure access
security; transport-layer encryption to ensure cross-DC data transmission security
Virtual Clustering Highlights
 A cross-DC cluster deployed with physical machines provides fast service
switchover and uninterrupted service access without data loss in various fault
scenarios.

 Common virtual cluster technologies have the following features:
 The restart and recovery of VMs by using the HA function interrupt services briefly.
 If a host machine malfunctions, VMs running on it automatically restart on other host
machines. VM services will be interrupted briefly and the memory data of these VMs will be lost.
 Compared with a physical machine cluster, the resource utilization of a VM cluster is
dozens of times higher.
 Up to scores of VMs can run on one physical host machine to fully utilize resources.
 To ensure continuous active-active service running, the service interruption during an HA
restart must be covered. SLBs balance service loads across the active-active DCs. To prevent
service interruption, deploy the same service on VMs in both DCs so that when one host
machine malfunctions, VMs in the other DC can take over the loads in real time.
Recommended Computing Resource Virtualization Configuration
 The recommended configuration is as follows:
 Deploy a cross-DC virtual cluster. After computing resources are virtualized, deploy
VMs on them.
 Configure the HA function to protect VMs so that VMs recover automatically upon faults.
 Configure dynamic resource schedulers (DRSs) to properly distribute VMs on host
machines based on service requirements.
 Configure Layer 2 interworking between DCs to prevent VM services that are
migrated between DCs from being adversely affected.
 Map the shared storage space provided by the active-active storage platform to all
host machines of the virtual cluster to enhance the flexibility of VMs.
 After the active-active reconstruction of the computing layer, VMs can better balance service
loads based on the original computing resources. This significantly improves the resource
utilization and running efficiency, streamlining the service deployment. In addition, VMs
feature better reliability, online migration performance, and maintainability.
 VM deployment methods:
 For B/S applications: The Web layer and application layer are deployed on VMs. VMs
are not clustered. The SLB can detect server faults and distribute services to other
functional servers.
 For C/S applications: If the application layer is deployed on VMs, VMs are deployed in a
cross-DC cluster.
Contents
1. Introduction to Huawei HyperMetro Solution

2. Key Technologies of Huawei HyperMetro Solution
 Active-active Storage Layer
 Active-active Computing Layer
 Active-active Application Layer
 Active-active Network Layer
 Transport-Layer Technologies
 Security-layer Technologies

3. Fault Scenarios
Active-Active B/S Applications - Working Principles
 Deployment of clusters on web application servers:
 When passing through a web server (for example, Apache), an HTTP request sent by a
browser is redirected to an application server (for example, WebLogic). The redirection is
performed by the web server.
 Generally, a web server corresponds to an application server cluster for load balancing.
Active-Active B/S Applications - Topology
 Topology of forwarding B/S application requests:

 Multiple web servers are deployed at each site without being clustered. All web servers at
each site constitute a resource pool on the SLB (F5 LTM). Based on the Active-Active DC
Solution, create DC 1 and DC 2 resource pools.
 If multiple application servers are deployed at one site, group application servers of the
same type across sites into an active-active cluster.
 Application server clusters in the two DCs are connected to the cross-DC database cluster.
Active-Active B/S Applications - HTTP Session Persistency Management
 An HTTP session refers to a series of requests sent by a user from a browser to a server.
HTTP sessions enable applications running on web containers to track each user's
operations.
 HTTP session persistency management means that all follow-up requests initiated by a
user are distributed to the same application server. Session persistency management
enhances system performance because application servers do not need to re-create and
maintain session information for every request. In addition, HTTP persistency management
avoids loss of earlier sessions.
 Application server clusters are deployed across DCs, and memory synchronization is used
to implement session persistency management. Therefore, sessions are not lost even in
the event of cross-DC access.
Active-Active B/S Applications - Load Balancing (1)
 The process for load balancing of active-active B/S applications is as follows:
 An SLB receives an HTTP request and allocates the request to a web server based on
the load balancing algorithm.
 The web server receives the HTTP request and forwards it to an application server
node selected from the resource pool.
 Check the persistency of the HTTP session: check the JSESSIONID parameter in the cookie
or the URL of the request to verify whether it matches a known session ID. If yes, a plug-in
forwards the request to the application server that holds that session.
 If no, the plug-in searches for another appropriate application server based on the
preset rule.
Active-Active B/S Applications - Load Balancing (2)
 The process for load balancing of active-active B/S applications is as follows:
 The web server forwards the request to an application server through TCP/IP. If the
forwarding succeeds, the application server returns a TCP/IP ACK message. If the
application server gives no response before the timeout expires, the web server returns
the error code 500.
 The request processing result is returned. After the request is sent, the web server
enters the waiting state. After the application server returns a result, the waiting
state of the web server finishes. If the request fails to be processed, the web server
marks the application server as unavailable and forwards the request to another
application server.
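The plug-in logic of the two load-balancing slides above (session look-up by JSESSIONID in cookie or URL, selection from the resource pool by a preset rule, a timeout answered with 500, and a failed node marked unavailable and skipped), as an added Python model written for this page. It is not the Apache/WebLogic plug-in or any Huawei code; the node names, the round-robin preset rule and the simulated application servers are constructed assumptions.

```python
"""Web-server plug-in model: JSESSIONID persistence plus forwarding/failure handling
(added example, not the real plug-in)."""

from http.cookies import SimpleCookie
from typing import Callable, Dict, Optional, Set, Tuple
from urllib.parse import urlsplit

# A simulated application server returns (status, body, new_session_id), or None when
# it does not answer before the web server's timeout.
AppHandler = Callable[[str], Optional[Tuple[int, str, Optional[str]]]]


def extract_session_id(url: str, cookie_header: str) -> Optional[str]:
    """Find the JSESSIONID in the Cookie header, else in the ';jsessionid=' URL path parameter."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if "JSESSIONID" in cookie:
        return cookie["JSESSIONID"].value
    path = urlsplit(url).path
    marker = ";jsessionid="
    pos = path.lower().find(marker)
    if pos >= 0:
        return path[pos + len(marker):].split(";")[0]
    return None


class WebServerPlugin:
    def __init__(self, pool: Dict[str, AppHandler]):
        self.pool = pool                             # node name -> simulated app server
        self.available = {name: True for name in pool}
        self.sessions: Dict[str, str] = {}           # session id -> node that owns it
        self._rr = 0                                 # cursor for the preset rule (round robin)

    def _pick_by_rule(self, exclude: Set[str]) -> Optional[str]:
        names = list(self.pool)
        for _ in range(len(names)):
            cand = names[self._rr % len(names)]
            self._rr += 1
            if self.available[cand] and cand not in exclude:
                return cand
        return None

    def handle(self, url: str, cookie_header: str = "") -> Tuple[int, str]:
        sid = extract_session_id(url, cookie_header)
        tried: Set[str] = set()
        # Persistency check: a known session goes back to its owning node while it is up.
        node = self.sessions.get(sid) if sid else None
        if node is None or not self.available[node]:
            node = self._pick_by_rule(tried)
        while node is not None:
            tried.add(node)
            reply = self.pool[node](url)
            if reply is None:
                # No response before the timeout: the web server itself answers 500.
                return 500, "application server did not respond before timeout"
            status, body, new_sid = reply
            if status < 500:
                if new_sid:                          # remember which node created the session
                    self.sessions[new_sid] = node
                return status, body
            # Processing failed: mark the node unavailable and forward to another one.
            self.available[node] = False
            node = self._pick_by_rule(tried)
        return 503, "no available application server"


def make_app_server(name: str, mode: str = "ok") -> AppHandler:
    """Constructed application-server behaviour: 'ok', 'timeout' or 'error'."""
    def handler(url: str):
        if mode == "timeout":
            return None
        if mode == "error":
            return 500, f"{name}: internal error", None
        if urlsplit(url).path.startswith("/login"):
            return 200, f"{name}: session created", f"sid-{name}"
        return 200, f"{name}: ok", None
    return handler


def demo() -> dict:
    plugin = WebServerPlugin({
        "app-dc1-01": make_app_server("app-dc1-01", "error"),
        "app-dc1-02": make_app_server("app-dc1-02"),
        "app-dc2-01": make_app_server("app-dc2-01"),
        "app-dc2-02": make_app_server("app-dc2-02", "timeout"),
    })
    login = plugin.handle("/login")                                 # dc1-01 fails, dc1-02 serves
    sticky_cookie = plugin.handle("/orders", "JSESSIONID=sid-app-dc1-02")
    sticky_url = plugin.handle("/orders;jsessionid=sid-app-dc1-02")
    new_user = plugin.handle("/login")                              # rule picks dc2-01
    timed_out = plugin.handle("/login")                             # rule picks dc2-02: 500
    return {
        "login": login, "sticky_cookie": sticky_cookie, "sticky_url": sticky_url,
        "new_user": new_user, "timed_out": timed_out,
        "unavailable": sorted(n for n, ok in plugin.available.items() if not ok),
    }
```

Note the asymmetry the slides describe: a timeout is answered with 500 without retrying, whereas a processing failure takes the node out of the pool and retries elsewhere. In a real deployment the session table is also what must survive a cross-DC failover, which is why the previous slide relies on cross-DC memory synchronization.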
Active-Active C/S Applications - Working Principles (1)
 Working principle of active-active C/S applications (IP address-based access with
distributed deployment not supported)
 C/S services can be externally accessed by using IP addresses. For example, you can log in to
an application using an IP address, user name, and password through a piece of client
software.
 If C/S applications do not support distributed deployment, primary routes can be advertised
only in one DC. Therefore, the applications can run in one DC only, but automatic failover to
the secondary site is supported so that the applications can be placed on either of the two DCs.
Active-Active C/S Applications - Working Principles (2)
 Working principle of active-active C/S applications (IP address-based access with
distributed deployment supported)
 If C/S applications support distributed deployment and run on two DCs (different external IP
addresses), manually configure the server IP address for each client to balance
different customers' loads across the two DCs.
Active-active Databases (1)
 Active/standby cluster architecture:

 Active-active databases are implemented through database clustering. In the industry,
database clustering is classified into two modes: active-standby and active-active.
 Common active-standby cluster systems are IBM PowerHA, HP ServiceGuard, Microsoft
WSFC, and Veritas Cluster Server. When a primary node malfunctions, a failover is performed,
that is, a secondary node in the cluster automatically restarts the application system. The
administrator needs to deploy cluster software on all active and standby nodes in the cluster
to control the mounting of file systems, start-up of application system services, and
configuration of public network IP addresses.
Active-active Databases (2)
 Active-active cluster

 Multiple nodes in an active-active cluster can provide the same service simultaneously. This
feature enables the active-active cluster to implement seamless failover and enhances the
overall application system performance. Currently, active-active clusters such as Oracle Real
Application Clusters (RAC) are the most commonly used.
Active-active Databases - Oracle RAC
 Oracle RAC enables all nodes to concurrently access data files, redo log files, control files,
and parameter files through shared storage resources. In addition, if a node malfunctions,
services running on the node are automatically switched to a functioning node to ensure
database availability.
 Active-active LUNs provided by active-active storage are used as shared volumes to
construct cross-DC Oracle Extended RACs.
 Oracle Extended RAC works with the Oracle listener to achieve cross-DC service access and
load balancing. Combined with Oracle Transparent Application Failover (TAF), Oracle
Extended RAC enables clients to continue running with new connections without service
interruption when a server or DC encounters a fault.
 If heartbeat links are down on intermediate networks, Oracle RAC will vote based on the
following rules:
 The sub-cluster with the largest number of nodes wins.
 If the numbers of nodes in the sub-clusters are the same, the sub-cluster containing the
lowest node number wins.
Active-active Databases - Oracle RAC Active-active Deployment
 Node deployment of Oracle Extended Distance Cluster:
 It is recommended that Oracle Extended Distance Cluster be deployed in 2+1 mode, that is,
two servers in data center A and one server in data center B. In this way, instances in DC A
survive first in case of heartbeat link failures. If the DCs have the same number of nodes,
deploy the servers with the smaller node numbers in DC A.
 It is advised to create different services at the Oracle RAC layer to separate services and
prevent data interaction across DCs.
 The PREFERRED function of Oracle RAC TAF is used to make applications access local
instances only, and instances in the remote DC are set as AVAILABLE so that access requests are
switched to remote instances only when all local instances are malfunctioning.
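The two voting rules from the previous slide and the 2+1 placement recommendation above, worked through as an added Python model written for this page (it models the stated rules only and is not Oracle Clusterware code). Node numbers, data-center labels and the instance names in the service definition are constructed; the PREFERRED/AVAILABLE selection is a simplified reading of how TAF keeps access local, not Oracle's implementation.

```python
"""Heartbeat-split voting and local-first instance selection (added example)."""

from typing import Dict, List, Optional, Sequence


def surviving_subcluster(partitions: Sequence[Sequence[int]]) -> List[int]:
    """Apply the two voting rules to the node sets left after a heartbeat split.

    Rule 1: the sub-cluster with the most nodes wins.
    Rule 2: on a tie, the sub-cluster containing the lowest node number wins.
    """
    if not partitions:
        raise ValueError("no partitions to vote on")
    # More nodes first; on a tie, the larger -min(p) is the smaller node number.
    winner = max(partitions, key=lambda p: (len(p), -min(p)))
    return sorted(winner)


def heartbeat_split(layout: Dict[str, List[int]]) -> str:
    """Return the DC whose instances survive when the inter-DC heartbeat is lost
    and each DC becomes its own partition."""
    winner = surviving_subcluster(list(layout.values()))
    for dc, nodes in layout.items():
        if sorted(nodes) == winner:
            return dc
    raise RuntimeError("winner not found in layout")


def pick_instance(service: Dict[str, List[str]], up: Sequence[str]) -> Optional[str]:
    """Local-first selection: use a PREFERRED (local) instance while any is up and fall
    back to an AVAILABLE (remote) instance only when none is."""
    for role in ("PREFERRED", "AVAILABLE"):
        for inst in service.get(role, []):
            if inst in up:
                return inst
    return None


def demo() -> dict:
    recommended = {"DC A": [1, 2], "DC B": [3]}        # 2+1 as recommended above
    balanced_low_in_a = {"DC A": [1, 2], "DC B": [3, 4]}  # 2+2, low node numbers in A
    balanced_low_in_b = {"DC A": [3, 4], "DC B": [1, 2]}  # 2+2, low node numbers in B
    # Constructed service definition: DC A instances preferred, DC B instance available.
    service = {"PREFERRED": ["orcl1", "orcl2"], "AVAILABLE": ["orcl3"]}
    return {
        "2+1": heartbeat_split(recommended),
        "2+2 low in A": heartbeat_split(balanced_low_in_a),
        "2+2 low in B": heartbeat_split(balanced_low_in_b),
        "all up": pick_instance(service, ["orcl1", "orcl2", "orcl3"]),
        "one local down": pick_instance(service, ["orcl2", "orcl3"]),
        "local DC down": pick_instance(service, ["orcl3"]),
    }
```

The third layout is the case the recommendation guards against: with equal node counts, whichever DC holds the lowest node number keeps the database after a split, so if the low-numbered nodes sit in the secondary DC the primary DC's instances are evicted even though the primary DC is healthy.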
Contents
1. Introduction to Huawei HyperMetro Solution

2. Key Technologies of Huawei HyperMetro Solution
 Active-active Storage Layer
 Active-active Computing Layer
 Active-active Application Layer
 Active-active Network Layer
 Security-layer Technologies

3. Fault Scenarios
Network Architecture
 Overall network architecture

 The configuration and planning involves three sites: DC A, DC B, and the third-party quorum
site.
 The recommended distance between the two DCs is less than 100 km, and bare fiber
resources must be available.
 The third-party quorum site is connected to both DC A and DC B without distance
requirements.
 On core switches, public networks must be logically isolated from the private network and
the voting network.
 On wavelength division multiplexing (WDM) devices, different WDM channels should be used
to carry these networks (especially in scenarios with large-scale networks). The minimum
requirement is that public networks be physically isolated from private networks. Public
networks can share WDM channels with other traffic (such as traffic among servers) based on
the bandwidth utilization.
 Databases provide service access to upper-layer application servers. They do not
directly provide service access for WAN users.
Cross-DC Network (1)
 To ensure solution reliability, data transmission links and heartbeat links can be
separated. End-to-end traffic isolation through a VLAN or VRF and independent
physical interconnection link allocation allow traffic isolation between services
and cluster heartbeats without mutual impacts.
 Services involving cross-DC data transmission are as follows:
 Fibre Channel links are used to synchronize data in real time between same-city DCs.
 A Layer 2 Ethernet is used for heartbeat communication of host application clusters
and for the synchronization interconnection links between DCs.
Cross-DC Network (2)
 If the fiber distance between the two DCs is less than or equal to 25 km, and the number
of bare fiber pairs is greater than 4:
 it is advised to cascade four core switches in a 10GE network with two pairs of bare
fibers.
 it is advised to cascade four Fibre Channel switches in a one-to-one network with two
pairs of bare fibers.
Cross-DC Network (3)
 If the fiber distance between the two DCs is more than 25 km or there are fewer than
four pairs of bare fibers, it is advised to use optical transport network (OTN) WDM devices to
build an intra-city network for the two DCs.
 Both Ethernet switches and Fibre Channel switches are connected to OTNs, and the OTNs
of both DCs are directly cascaded with two pairs of bare optical fibers.
Network Architecture for Service Access - B/S Applications
 B/S application network architecture
 Browser/server (B/S) applications are mostly Web applications providing domain name
access services externally. A Web-App-DB three-layer structure is employed: The Web-App
layer is deployed in VMs. VMs are deployed in DCs (multiple DCs form a cluster). DBs are
deployed on physical machines, which are deployed into Oracle Real Application Clusters (RAC)
across DCs. The Web/App layer provides active-active access, while the DB layer provides
services only for the App/Web layer.
 Service access network design for the Web/App layer: In a Layer 3 physical network
architecture, gateways at the Web/App layer are configured on the aggregation switches; in a
Layer 2 physical network architecture, gateways at the Web/App layer are configured on
the core switches. Gateways of the two sites are independent from each other and reside on
different network segments with different routes advertised.
 Service access network design for the DB layer: In a Layer 3 physical network architecture,
gateways at the DB layer are configured on the aggregation switches; in a Layer 2 physical
network architecture, gateways at the DB layer are configured on the core switches. Layer 2
interconnection is required between the two sites, which reside on the same network
segment. Active-active gateways are deployed at all sites. The gateways advertise the host
route of the databases to a DC. This host route is not advertised to the WAN.
Network Architecture for Service Access - C/S Applications
 C/S application network architecture:
 C/S applications are mostly middleware applications providing external IP address-based
access without any Global Server Load Balancing (GSLB). C/S applications use the App-DB
two-layer structure: The application layer is deployed in VMs. VMs are deployed in DCs (multiple
DCs form a cluster). DBs are deployed on physical machines. The application layer runs in a
single DC. The DB layer provides services to the application layer only.
 Service access network design for the DB layer: In a Layer 3 physical network architecture,
gateways at the DB layer are configured on the aggregation switches; in a Layer 2 physical
network architecture, gateways at the DB layer are configured on the core switches. Layer 2
interconnection is required between the two sites, which reside on the same network
segment. Active-active gateways are deployed at all sites. The gateways advertise the host
route of the databases to a DC. This host route is not advertised to the WAN.
 Service access network design for the application layer: In a Layer 3 physical network
architecture, gateways at the application layer are configured on the aggregation switches; in
a Layer 2 physical network architecture, gateways at the application layer are configured on
the core switches. Layer 2 interconnection is required between the two sites, which reside on
the same network segment. Gateways are designed in two ways:
 Centralized gateways: The gateway in the DC where the application layer resides is
configured as the primary Virtual Router Redundancy Protocol (VRRP) gateway and
advertises the primary route. The gateway in the other DC is configured as the
secondary gateway and advertises the secondary route. If VMs are migrated across
DCs, the gateway primary/secondary relationship remains unchanged, and there will be
cross-DC access.
 Active-active gateways: These gateways are deployed at all sites. They can dynamically
detect the location of an App host in the DC, and advertise host routes to the DCs and
the WAN, enabling network access using the shortest path.
C/S Application Network Architecture - Centralized Gateway (1)
 C/S applications generally run in a single DC, and the gateways advertise
network segment routes. C/S applications can be migrated across DCs. C/S
application path before the migration:
C/S Application Network Architecture - Centralized Gateway (2)
 C/S application path after the migration:
 The centralized gateways do not switch along with the VM migration. As a result, cross-DC
access exists. However, external routes are stable with clear access paths, which simplifies
troubleshooting and O&M.
C/S Application Network Architecture - Active-active Gateway (1)
 C/S applications can be migrated and scheduled freely across DCs. Host routes
are advertised from the gateway in the DC nearest to the VMs, based on the VM location.
C/S application path optimization before the migration:
C/S Application Network Architecture - Active-active Gateway (2)
 C/S application path optimization after the migration:
 Address Resolution Protocol (ARP) broadcast is performed after the VM migration. The
active-active gateway sends an ARP unicast request to detect the VM location. When the VM
location is detected, a new host route is advertised from the gateway at the new location,
and the original route is withdrawn after timeout.
Layer 2 Interconnection
 Networks requiring Layer 2 interconnection are:
 Service networks and heartbeat networks on the DB layer
 Service networks and service management networks of VMs
 Service networks and heartbeat networks on the application layer of
C/S applications
Layer 2 Interconnection - Common Ethernet Interconnection Design
 Ethernet interconnection network architecture of medium- and large-sized DCs
 Interconnection access design: Interconnection aggregation switches are deployed at all sites.
Access based on CSS+link aggregation does not contain Layer 2 loops. The gateway switch at
a site connects to the interconnection aggregation switch through CSS+link aggregation. The
interconnection aggregation switch connects to a WDM device through CSS+link aggregation.
Besides, Layer 2 storm suppression is configured on the interconnection aggregation switches.
 Interconnection WDM design: WDM devices, interconnected with two bare fibers, are
deployed at all sites.
 Interconnection aggregation switches are not necessary for the interconnection of small DCs.
Access switches and core switches are connected directly and then communicate with each
other through WDM devices. Layer 2 storm suppression is configured on the core switches.
Layer 2 Interconnection - Huawei EVN Interconnection Design
 EVN interconnection network architecture of medium- and large-sized DCs
 Interconnection access design: Interconnection aggregation switches are deployed at all sites.
The gateway switch at a site connects to the interconnection aggregation switch through
CSS+link aggregation. The interconnection aggregation switch connects to a WDM device
through CSS+link aggregation and runs as an Ethernet Virtual Network (EVN) PE. The EVN
Layer 2 channel is set up between the EVN PEs. Layer 3 communication between DCs is
provided with Layer 2 isolation: ARP broadcast and unknown unicast traffic are restricted to
the local DC.
 Interconnection WDM design: WDM devices, interconnected with two bare fibers, are
deployed at all sites.
 Interconnection aggregation switches are not necessary for the interconnection design of
small- and medium-sized DCs. Access switches and core switches are connected directly and
then communicate with each other through WDM devices. Other designs are the same as
those for medium- and large-sized DCs.
Inter-site Load Balancing (Domain Name Access)
 Principles of load balancing among sites (domain name access)
 B/S services provide domain name access externally.
 One domain name corresponds to two service IP addresses that are deployed in the two DCs
respectively. Access load balancing is implemented among sites based on the GSLB or a DNS
server.
 The F5 GTM GSLBs can be used. If the service traffic is low, the built-in DNS server of
Windows can be used to implement simple load balancing (polling).
 There are two typical GSLB cross-site load balancing policies:
 Load balancing based on the location where the local DNS request is initiated
 Minimum round trip time (RTT) between the GSLB and the local DNS
 C/S services provide IP address access externally.
 If C/S applications do not support distributed deployment, the applications can run in one DC
only because primary routes can be advertised only in one DC. However, automatic failover
to the secondary site is supported.
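The three resolution behaviours named above (plain DNS polling, GSLB by the location of the local DNS that asks, and GSLB by minimum RTT to that local DNS), as an added Python model written for this page. It is not F5 GTM or Windows DNS code: the site VIPs, the region table, the RTT figures and the local DNS addresses are constructed (documentation address ranges), and the RTT probe is a lookup table standing in for a real measurement. The model also shows what happens to an answer when one DC's VIP is marked down.

```python
"""GSLB answer selection for a two-DC domain name (added example, not vendor code)."""

import ipaddress
from itertools import cycle
from typing import Callable, Dict, List, Optional, Sequence, Tuple

# Constructed data: one domain name, two service IPs (one per DC).
SITES: Dict[str, str] = {"DC1": "203.0.113.10", "DC2": "203.0.113.20"}
# Constructed region table: local DNS source prefix -> nearest DC.
REGIONS: List[Tuple[str, str]] = [("192.0.2.0/24", "DC1"), ("198.51.100.0/24", "DC2")]
# Constructed RTT measurements (ms) from each DC's GSLB to a local DNS server.
RTT_MS: Dict[Tuple[str, str], int] = {
    ("DC1", "192.0.2.53"): 5, ("DC2", "192.0.2.53"): 40,
    ("DC1", "198.51.100.53"): 45, ("DC2", "198.51.100.53"): 6,
    ("DC1", "100.64.0.53"): 30, ("DC2", "100.64.0.53"): 12,
}


class Gslb:
    def __init__(self, sites: Dict[str, str], regions: Sequence[Tuple[str, str]],
                 rtt_probe: Callable[[str, str], int]):
        self.sites = dict(sites)
        self.regions = [(ipaddress.ip_network(net), dc) for net, dc in regions]
        self.rtt_probe = rtt_probe
        self.down: set = set()                 # DCs whose VIP failed the health check
        self._rr = cycle(sorted(self.sites))   # plain DNS polling order

    def healthy(self) -> List[str]:
        return [dc for dc in sorted(self.sites) if dc not in self.down]

    def resolve(self, ldns_ip: str, policy: str) -> Optional[str]:
        """Answer a query from the local DNS at ldns_ip with one service IP."""
        candidates = self.healthy()
        if not candidates:
            return None
        if policy == "round_robin":            # simple polling, as a basic DNS server does
            while True:
                dc = next(self._rr)
                if dc in candidates:
                    return self.sites[dc]
        if policy == "location":               # policy 1: where the local DNS request comes from
            addr = ipaddress.ip_address(ldns_ip)
            for net, dc in self.regions:
                if addr in net and dc in candidates:
                    return self.sites[dc]
            policy = "rtt"                     # unknown region or nearest DC down: measure instead
        if policy == "rtt":                    # policy 2: minimum RTT GSLB <-> local DNS
            dc = min(candidates, key=lambda d: self.rtt_probe(d, ldns_ip))
            return self.sites[dc]
        raise ValueError(f"unknown policy {policy!r}")


def demo() -> dict:
    gslb = Gslb(SITES, REGIONS, lambda dc, ip: RTT_MS.get((dc, ip), 999))
    out = {
        "loc dc1": gslb.resolve("192.0.2.53", "location"),
        "loc dc2": gslb.resolve("198.51.100.53", "location"),
        "loc unknown": gslb.resolve("100.64.0.53", "location"),   # falls back to RTT
        "rtt dc1": gslb.resolve("192.0.2.53", "rtt"),
        "rr": [gslb.resolve("100.64.0.53", "round_robin") for _ in range(3)],
    }
    gslb.down.add("DC1")                       # DC1 VIP fails its health check
    out["loc dc1 after failover"] = gslb.resolve("192.0.2.53", "location")
    return out
```

The location policy is only as good as the region table and the assumption that the local DNS sits near the client; the RTT policy needs no table but needs a measurement path to every local DNS, which is why real GSLBs combine the two and fall back as this model does.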
Intra-site Load Balancing - Network Topology
 SLB Layer 3 bypassing
 SLBs can balance load among sites. In this solution, F5 LTM SLBs are deployed and support
load balancing health detection for a range of application layer protocols, such as HTTP/HTTPS,
FTP, Diameter, SMPP, and SIP. External interfaces (including IP addresses and ports) provided
by the SLB receive service requests from the client.
 In the Huawei active-active DC solution, it is recommended that Layer 3 bypassing networking
be used.
 In Layer 3 bypassing networking, SLBs are mounted to the core switches in bypass mode, and
service servers are connected to access switches. This networking is suitable for large-scale
networking scenarios.
 Two SLBs are deployed at one site to constitute a dual-host hot backup cluster. If the two
sites are each deployed with an SLB cluster, a failover to the secondary SLB is triggered when
the primary SLB becomes faulty.
Intra-site Load Balancing - HTTP Protocol
 HTTP load balancing working principles

 The SLB provides service access externally through a floating IP address, which all web clients access.
 The SLB provides an array of scheduling algorithms for the HTTP service:
  Least connections: The SLB distributes client requests to the real server that currently has the fewest connections.
  Round robin (polling): The SLB distributes client requests to the real servers in the resource pool in turn.
  Weighted least connections: The SLB takes each real server's performance weight into account and distributes more connection requests to the servers that have the fewest connections relative to their weight.
  Weighted round robin: Based on the round robin algorithm, but servers with a higher weight value receive proportionally more connection requests.
 For the HTTP service, the SLB provides a range of health detection policies to ensure availability of the real servers. The SLB also supports health checks based on ping, UDP, TCP, HTTP, and shell scripts. A node that fails the health check no longer receives new requests until the health check detects that it is available again.
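The four scheduling algorithms listed above, and the rule that a node failing its health check receives no new requests until it recovers, are easiest to compare side by side in code. The following scheduler is an added example and not F5 LTM or Huawei code; the server names, weights and connection counts are constructed, and the probe callable stands in for the SLB's ping/TCP/HTTP/script monitor. The weighted round robin here is the smooth (interleaved) variant, which spreads a 3:1 weighting as A, A, B, A rather than three A's in a row.

```python
from dataclasses import dataclass


@dataclass
class RealServer:
    name: str
    weight: int = 1          # performance weight used by the weighted algorithms
    active_conns: int = 0    # connections currently assigned by the SLB
    healthy: bool = True     # last health-check result
    _wrr_score: int = 0      # running score for smooth weighted round robin


class Scheduler:
    ALGORITHMS = ("round_robin", "weighted_round_robin",
                  "least_connections", "weighted_least_connections")

    def __init__(self, pool, algorithm):
        if algorithm not in self.ALGORITHMS:
            raise ValueError(f"unknown algorithm {algorithm!r}")
        self.pool = list(pool)
        self.algorithm = algorithm
        self._rr_pos = 0

    def eligible(self):
        # A node that failed its health check gets no new requests until it recovers
        return [s for s in self.pool if s.healthy]

    def pick(self):
        """Choose the real server for a new client connection and account for it."""
        servers = self.eligible()
        if not servers:
            raise RuntimeError("no healthy real server in the pool")
        chosen = getattr(self, "_" + self.algorithm)(servers)
        chosen.active_conns += 1
        return chosen

    def release(self, server):
        """Connection closed: hand the slot back so least-connections stays accurate."""
        server.active_conns = max(0, server.active_conns - 1)

    def _round_robin(self, servers):
        server = servers[self._rr_pos % len(servers)]
        self._rr_pos += 1
        return server

    def _weighted_round_robin(self, servers):
        # Smooth weighted RR: every pick adds each server's weight to its score,
        # takes the highest score, then charges the winner the total weight.
        total = sum(s.weight for s in servers)
        for s in servers:
            s._wrr_score += s.weight
        best = max(servers, key=lambda s: s._wrr_score)
        best._wrr_score -= total
        return best

    def _least_connections(self, servers):
        return min(servers, key=lambda s: s.active_conns)

    def _weighted_least_connections(self, servers):
        # Fewest connections relative to capacity: a weight-4 server with 8
        # connections is less loaded than a weight-1 server with 3.
        return min(servers, key=lambda s: s.active_conns / s.weight)


def run_health_checks(pool, probe):
    """probe(server) -> bool plays the role of the SLB health monitor; returns the healthy names."""
    for s in pool:
        s.healthy = bool(probe(s))
    return [s.name for s in pool if s.healthy]


if __name__ == "__main__":
    # Constructed pool: web1 is rated three times the capacity of web2.
    pool = [RealServer("web1", weight=3), RealServer("web2", weight=1)]
    sched = Scheduler(pool, "weighted_round_robin")
    print("WRR order:", [sched.pick().name for _ in range(8)])
    print("healthy:", run_health_checks(pool, lambda s: s.name != "web2"))
    print("after web2 fails:", [sched.pick().name for _ in range(3)])
```

The point to check in a real deployment is the one the last two lines exercise: the monitor, not the scheduler, decides membership, so a node that passes a TCP probe but fails at the HTTP layer keeps receiving traffic unless the health check is also HTTP-aware.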
Contents
1. Introduction to Huawei HyperMetro Solution
2. Key Technologies of Huawei HyperMetro Solution
  Active-active Storage Layer
  Active-active Computing Layer
  Active-active Application Layer
  Active-active Network Layer
  Security-layer Technologies
3. Fault Scenarios

 Huawei HyperMetro Solution adopts the following technologies:
  Storage layer: HyperMetro for active-active capabilities
  Computing layer: Virtualization technologies such as FusionSphere and VMware to provide the VM HA feature for automatic recovery upon faults
  Application layer: Application clustering and database clustering technologies for active-active capabilities
  Network layer: Layer 2 interconnection technologies such as DWDM and EVN for low-latency, highly reliable Layer 2 network interconnection; path optimization technologies such as active-active gateways on network devices and RHI; global load balancers and server load balancers for nearest-site active-active access or high-availability network switching
  Transport layer: Device redundancy and board redundancy to establish reliable active-active transport networks
  Security layer: Firewall and security policy planning and design to ensure access security; transport-layer encryption to ensure cross-DC data transmission security
Security-layer Technologies
 In addition to the security threats faced by traditional DCs, active-active DCs face cross-DC security threats. Huawei provides area-specific network security solutions for the DC and for cross-site DC transmission:
  Security solution for Internet access areas
  Security solution for extranet access areas
  Security solution for intranet access areas
  Security solution for DC interconnection areas
  Security solution for DC service areas
  Security solution for network management zones

 The security solution for the active-active DC solution focuses mainly on two components: firewalls and WDM transmission devices. Huawei WDM transmission devices address security during transmission through encryption and decryption transmission boards. These boards offer high performance and do not noticeably increase the transmission delay.
SSL VPN Security Access Solution
 SSL VPN security access solution

 Deployment scheme:
  An SVN gateway is generally deployed at the Internet entry/exit (behind the firewall and in front of the application servers). By default, SSL port 443 is opened on the firewall.
  A private IP address is configured on the SVN gateway, with a reachable route to the internal servers. One public IP address is advertised externally for user access. This IP address can be configured directly on the SSL gateway, or the firewall can NAT it to the gateway's private address.
  Remote users enter the gateway address in a web browser or in client software. Packets reach the firewall first. After the firewall identifies that the packets are destined for the SVN gateway, it forwards them to the SVN, which decrypts them before sending them on to the target server.
Typical Security Design for DC Intranet
 Security architecture for DC intranet

 Access control and security isolation between service areas (horizontal, east-west traffic control)
  Device: unified security gateway (USG)
  Implementation: bypass deployment of the USG
  For areas or servers that must interwork, divert the traffic to the firewall and control access with a security policy, so that access authorization is strictly minimized.
  To fully isolate two independent service areas that have no service communication, configure a strict access isolation policy on the gateway. Alternatively, use firewall virtualization to allocate an independent vFW to each service area, combined with switch virtualization, to achieve full traffic isolation.
 Internal-external access control for DCs (vertical, north-south traffic control)
  Device: USG
  Implementation mode: deploy the USG in bypass mode (firewall service board + intrusion prevention system board)
  Use firewalls to restrict the access sources and destinations between the different areas of the intra-city DCs.
  Enable the intrusion prevention system to clean traffic entering the DC service areas, especially traffic to Internet-facing services. Ensure that strict access authorization, attack defense, and malicious code filtering are in place.
 Monitoring and evidence collection for attacks and malicious penetration
  Device: intrusion detection system (IDS)
  Implementation mode: core switches mirror traffic to the IDS for detection, alerting, and evidence collection.
 Virtual server internal traffic control
  Device: DeepSecurity
  Implementation mode: deploy the DeepSecurity components on the ESXi platform to divert the VM traffic to be controlled to virtual firewalls for rule-based filtering.
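The east-west control described above comes down to two properties of the security policy on the USG: traffic between service areas is dropped unless a rule explicitly permits it (default deny, so authorization stays minimal), and for two areas that must be fully isolated no rule may permit traffic in either direction. The evaluator below makes both checkable. It is an added example, not Huawei USG policy syntax; the zone names, addresses and rules are constructed, and the audit function is a hypothetical helper for verifying the "full isolation" requirement rather than a product feature.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_net: str    # destination prefix the rule applies to
    proto: str      # "tcp", "udp" or "any"
    dports: tuple   # permitted destination ports; () means any port
    action: str     # "permit" or "deny"

    def matches(self, f):
        return (self.src_zone == f.src_zone and self.dst_zone == f.dst_zone
                and ip_address(f.dst_ip) in ip_network(self.dst_net)
                and self.proto in ("any", f.proto)
                and (not self.dports or f.dport in self.dports))


class ZonePolicy:
    """First-match interzone policy with an implicit final deny."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, f):
        for r in self.rules:
            if r.matches(f):
                return r.action
        return "deny"   # nothing permitted it explicitly, so it is dropped

    def permitted_pairs(self):
        return {(r.src_zone, r.dst_zone) for r in self.rules if r.action == "permit"}

    def is_isolated(self, zone_x, zone_y):
        """Audit helper (assumption): True if no rule permits traffic either way between two areas."""
        pairs = self.permitted_pairs()
        return (zone_x, zone_y) not in pairs and (zone_y, zone_x) not in pairs


# Constructed three-tier layout: web -> app on 8080 only, app -> db on 1521 only,
# and an explicit web -> db deny so the isolation is visible in the rule base.
RULES = [
    Rule("web", "app", "10.20.0.0/24", "tcp", (8080,), "permit"),
    Rule("app", "db", "10.30.0.0/24", "tcp", (1521,), "permit"),
    Rule("web", "db", "10.30.0.0/24", "any", (), "deny"),
]


def evaluate_sample_flows(policy):
    """Run a few constructed flows through the policy; returns the verdict per flow."""
    flows = {
        "web->app:8080": Flow("web", "app", "10.10.0.5", "10.20.0.7", "tcp", 8080),
        "web->app:22": Flow("web", "app", "10.10.0.5", "10.20.0.7", "tcp", 22),
        "web->db:1521": Flow("web", "db", "10.10.0.5", "10.30.0.9", "tcp", 1521),
        "mgmt->db:1521": Flow("mgmt", "db", "10.99.0.1", "10.30.0.9", "tcp", 1521),
    }
    return {name: policy.decide(f) for name, f in flows.items()}


if __name__ == "__main__":
    policy = ZonePolicy(RULES)
    for name, verdict in evaluate_sample_flows(policy).items():
        print(f"{name:14s} {verdict}")
    print("web/db isolated:", policy.is_isolated("web", "db"))
```

The vFW alternative in the slide maps onto this model as one ZonePolicy instance per service area with no rule referencing the other area's zones at all; the audit then reduces to checking that no instance mentions a foreign zone, which is a stronger guarantee than a deny rule that a later permit could shadow.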
Contents
1. Introduction to Huawei HyperMetro Solution
2. Key Technologies of Huawei HyperMetro Solution
3. Fault Scenarios
Storage Array Failover
 Storage array failover (example) - data flow direction

 When a disk array in one DC goes down, service I/Os are automatically switched to the disk array in the other DC without interrupting services. If the disk array in DC A goes down, the fault handling process is as follows:
  If the storage array in DC A powers off on its own initiative (a controlled shutdown), it sends a command to the storage array in DC B asking it to take over services.
  At the same time, the storage array in DC A suspends all active-active LUNs.
  The multipath to the storage array in DC A becomes unavailable, so I/Os are forwarded to the storage array in DC B.
  The storage array in DC B records the newly received write I/Os in a differential bitmap.
 After the faulty storage array in DC A powers on again, the active-active relationship is restored manually and the incremental data is synchronized automatically based on the differential bitmap, without affecting upper-layer services.
Application Server Faults (1)
 One application server in a site is faulty - data flow direction

 If an application server in a site is faulty, the process for a client accessing the service is as follows:
  An application server becomes faulty and cannot provide services.
  The client sends an HTTP request to the SLB floating IP address.
  The SLB sends the request to the web server that processed the session most recently.
  The web server detects that the application server is faulty and sends subsequent HTTP requests to functional nodes. The customer's HTTP session can be retained.
 When the faulty application server in DC A recovers, upper-layer services are not affected and the customer's HTTP session can be retained.
Application Server Faults (2)
 All application servers in a site are faulty - data flow direction

 If all application servers in a site are faulty, the process for a client accessing the service is as follows:
  All application servers in DC A become faulty and cannot provide services.
  The client sends an HTTP request to the SLB floating IP address.
  The SLB sends the request to the web server that processed the session most recently.
  When the web server in DC A detects that none of the local application servers is accessible, the load balancing policy is modified to distribute the service traffic to the application cluster in DC B.
 When the faulty application servers in DC A recover, upper-layer services are not affected and the customer's HTTP session can be retained.
WAN Link Failover
 WAN link failover example

 If a centralized gateway is used for the DC, DC A advertises the network segment route with a cost of 10, and DC B advertises the same network segment route with a cost of 100. When a failover occurs, the fault handling process is as follows:
  The primary network segment route from DC A is withdrawn. The route advertised by DC B with a cost of 100 becomes the primary route after convergence.
  The client reaches DC B over that route and then reaches the web application in DC A through the Layer 2 network extended from DC B.
  No service switchover is performed in the two DCs and the services run properly.
 The egress failover of a DC is handled in the same way as the WAN link failover.
Link Failover Among Sites
 Link failover among sites - data flow direction

 An intra-city network includes the service data synchronization network, the array heartbeat network, and the Oracle RAC private network. When the intra-city network is faulty, the disk arrays in the two DCs lose their heartbeat with each other. The array that has been granted priority wins the arbitration and takes over all services; the other disk array stops providing services. In addition, arbitration is performed in the database. Because only one DC then provides LUNs for read and write, services are automatically switched to that DC. The detailed fault handling process is as follows:
  When the intra-city network links go down and the storage arrays detect that the heartbeat links are faulty, the storage arrays start contending for arbitration.
  If the storage array in DC A wins the arbitration, the storage array in DC B stops all active-active LUNs.
  The storage array sets the LUNs in DC B to unavailable, and the array active-active relationship enters the faulty state.
  In Oracle RAC environments, RAC detects that the links between DC A and DC B are down and that service I/Os in DC B can no longer be served. Services running in DC B automatically switch to DC A.
  Web and application servers in DC B can no longer access the database.
  When GSLB health detection finds that the web and application servers in DC B are abnormal, the load balancing policy is changed so that traffic is no longer distributed to DC B.
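The storage behaviour described in the two fault scenarios above (the controlled power-off of one array in "Storage Array Failover", and the heartbeat-loss arbitration in this slide) shares one mechanism: exactly one array keeps its active-active LUNs online, the host's multipath moves I/O to it, the survivor records every write it cannot mirror in a differential bitmap, and the manual restore copies only those blocks back before dual-write resumes. The simulation below is an added example, not Huawei OceanStor or HyperMetro code; the LUN size, the "higher priority wins" arbitration rule and the block payloads are assumptions for illustration, and the quorum server that a real deployment would consult is not modelled.

```python
class StorageArray:
    """One array holding the local copy of an active-active LUN (constructed model)."""

    def __init__(self, name, priority, blocks):
        self.name = name
        self.priority = priority          # the array granted priority wins arbitration
        self.data = [b""] * blocks        # constructed LUN: one payload per block
        self.lun_online = True            # False once the array suspends its active-active LUNs
        self.diff_bitmap = set()          # blocks written while the peer copy was not updated


class HyperMetroPair:
    def __init__(self, array_a, array_b):
        self.a, self.b = array_a, array_b
        self.state = "normal"             # "normal": dual-write; "split": one side serves alone

    def peer_of(self, array):
        return self.b if array is self.a else self.a

    def write(self, array, block, payload):
        if not array.lun_online:
            raise IOError(f"{array.name}: LUN suspended, write rejected")
        array.data[block] = payload
        if self.state == "normal":
            self.peer_of(array).data[block] = payload   # synchronous dual-write
        else:
            array.diff_bitmap.add(block)                # remember it for incremental resync

    def controlled_shutdown(self, array):
        """An array powers off on purpose: it tells the peer to take over and suspends its LUNs."""
        survivor = self.peer_of(array)
        survivor.lun_online = True
        array.lun_online = False
        self.state = "split"
        return survivor

    def heartbeat_lost(self):
        """Inter-site links down: both arrays contend; the priority holder wins and the
        loser stops its active-active LUNs so only one copy keeps accepting I/O."""
        winner, loser = ((self.a, self.b) if self.a.priority > self.b.priority
                         else (self.b, self.a))
        loser.lun_online = False
        self.state = "split"
        return winner

    def restore(self):
        """Manual restore after the fault: copy only the blocks in the survivor's
        differential bitmap to the returning array, then resume dual-write."""
        survivor = self.a if self.a.lun_online else self.b
        returning = self.peer_of(survivor)
        for block in sorted(survivor.diff_bitmap):
            returning.data[block] = survivor.data[block]
        synced = len(survivor.diff_bitmap)
        survivor.diff_bitmap.clear()
        returning.lun_online = True
        self.state = "normal"
        return synced


def host_write(pair, block, payload):
    """Host multipath: the path to a suspended LUN fails, so I/O moves to the other array."""
    for array in (pair.a, pair.b):
        if array.lun_online:
            pair.write(array, block, payload)
            return array.name
    raise IOError("no path to the LUN on either array")


if __name__ == "__main__":
    a = StorageArray("DC-A", priority=1, blocks=8)
    b = StorageArray("DC-B", priority=0, blocks=8)
    pair = HyperMetroPair(a, b)
    host_write(pair, 0, b"boot")
    print("heartbeat lost, winner:", pair.heartbeat_lost().name)
    print("write served by:", host_write(pair, 3, b"order-42"), "bitmap:", a.diff_bitmap)
    print("blocks resynced on restore:", pair.restore())
```

Two things the simulation makes visible that the slides only state: the loser's copy is stale only in the bitmapped blocks, which is why the resync is incremental rather than a full copy, and the "split" state is entered by both the planned and the unplanned path, so the restore procedure is the same afterwards.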
Site Failover
 Site failover

 In the active-active storage solution, all devices are deployed in redundant mode. If one DC goes down because of a power supply failure or a fire, the other DC wins the arbitration and takes over all services, and the services are switched automatically. The detailed fault handling process is as follows:
  When the intra-city network links go down and the storage array in DC A detects that the heartbeat links are faulty, the storage arrays start contending for arbitration.
  The storage array in DC A cannot reach that of DC B. The storage array sets the LUNs in DC B to unavailable, and the array active-active relationship enters the faulty state.
  In Oracle environments, services of DC B are automatically switched to DC A.
  When GSLB health detection finds that the web and application servers in DC B are abnormal, the load balancing policy is changed so that traffic is no longer distributed to DC B.
Quiz
1. What are the functions of the OceanStor V3 storage system in Huawei HyperMetro Solution?
2. What are the design principles of the HyperMetro network layer?
3. How is the DR test performed in the HyperMetro solution?
Summary
 Functions of each layer of the HyperMetro solution
 DR solution design principles for the application layer of the HyperMetro solution
 DR design elements of the security layer of the HyperMetro solution
Thank You
www.huawei.com