VMware Solutions Discussions

Post-ImagineVirtuallyAnything Event Discussion (Cisco, VMware & NetApp Secure Multi-Tenancy)

valb
6,626 Views

There were 75 great questions answered as part of this exciting event today with Tom Georgens of NetApp, Tony Bates from Cisco, and Paul Maritz from VMware.

The innovative secure multi-tenancy architecture was introduced to the world: http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/Virtualization/securecldg.html

Which questions were your favorite(s)?  Which ones weren't answered to your satisfaction?  Which ones would you have liked to ask but didn't get a chance?

Speak out - and let's continue the discussion over here!

13 REPLIES 13

radek_kubka
6,613 Views

Hi Everyone,

Sadly I didn't make it to the event (surely will review the recording though), so apologies if the question has been answered already.

In this solution MultiStore & vFilers play a huge role, so one thing springs immediately to mind:

What is a likely timeframe for MultiStore to support FC and/or FCoE?

I reviewed briefly the architecture via the provided link (BTW - great, in-depth description) & somehow this 1.0 version gets away with only vFiler0 being connected to FC SAN (& boot LUNs).

But arguably with MultiStore supporting all protocols the separation (& flexibility) could go even deeper...

Kind regards,
Radek

valb
6,613 Views

Hi Radek,

Thanks for the question!  We have heard many requests from our customers to ad FC & FCoE support for MultiStore.  We have plans to provide that kind of functionality in future releases of Data ONTAP.  Please contact your local NetApp NDA specialist to provide you more details.

-Val.

BrendonHiggins
6,614 Views

Hi, welcome to the community


I watched the presentation and have had a scan through the supporting documentation, which is very well written. I can think of two issues from the business risk team that have not been address.

  1. In physically separate systems, issues in one environment can not effect or take the 2nd environment down, how do we 'know' this is the case with secure multi-tenancy
  2. What would the auditors say?  ~  Secure multi-tenancy needs to be "blessed" by professional auditing firms

I can see many technical solutions to question one but question two would just be the end of the design in the early stages in my environment.  However I agree this is likely to be the future direction of the data centre.


Bren

jdonalds
6,615 Views

Bren,

Hopefully this will answer your questions a bit:

1) We have architected the solution for each tenant container to be resilient from other tenant workloads or misconfigurations. We have vMware DRS and UCS classes at the compute layer, QoS, CAR and 10GBe in the network, and FlexShare (QoS for storage). This allows us to provision SLAs for each tenant and maintain them.

2) We are in the late stages of having an independant 3rd party security audit done and posted. Keep your eyes open. If there are any specific certifications you are interested in, drop us an email.

Thanks!

Jonathan

radek_kubka
6,613 Views

Hi Val,

Thanks for your response.

Can you be a little bit less vague with us though?

We all are here on forums to hear & discuss latest & greatest, so "contact your local NetApp NDA specialist" sounds somewhat dry if you know what I mean

Kind regards,
Radek

valb
6,613 Views

Hi Radek,

I suspect we both share a passion for this technology, so I feel your pain.

But sharing sensitive info like that in a public forum such as this is both unwise from a competitive perspective as well as against corporate policy.  If you want good detail on real futures, it must be in the context of an in-person NDA update.

-Val.

radek_kubka
5,867 Views

Val,

Let me disagree with you again - here is why.

Do you think Perez Hilton gets a lot of traffic because he is writing what he is 'allow' (however we define this) to write? Communities need juicy content too , otherwise no one will be bothered to look in here.

Although I appreciate posting everything is not very wise, bear in mind mostly NetApp, NetApp partners & NetApp customers are visiting Communities. And with sensitive info usually there is a big middle ground, between saying all & saying nothing.

We are all like Perez here - doing things which at first look seem to be unwise. E.g. should I, as a reseller, expose my knowledge & experience to make my competitors' life easier? Or shall I rather keep that to myself?

Regards,

Radek

valb
5,867 Views

Hi Radek,

Again - thanks for your support and passion.  You guys definitely keep our online communities vibrant!  I think there are many "edgy" things we can openly discuss here (such as pioneering application deployments on NetApp, far-flung infrastructures or uncharted areas of performance, dedupe, etc...).

However, crossing the NDA line over here is simply a non-starter.  These communities have been called out in a negative light in the past by probing journalists (see link below) so there is no upside and plenty of downside to your well-intentioned request.  This is simply not the right forum for authoritative discussions on NetApp product futures, regardless of what Perez thinks

http://searchstorage.techtarget.com.au/articles/36830-Did-NetApp-lose-it-s-customer-database-They-get-lashed-by-HDS-HP-anyway-as-bloggers-go-mild-over...

-Val.

michaelhudak
5,868 Views

Check out the document 'Cisco, NetApp, VMWare Enhanced Secure Multi-Tenancy Design Guide' in NetApp Community.

Introduction

Goal of This Document
Cisco®, VMware®, and NetApp® have jointly designed a best-in-breed Enhanced Secure Multi-Tenancy
(ESMT) Architecture and have validated this design in a lab environment.

This document describes the design of and the rationale behind the Enhanced Secure Multi-Tenancy Architecture. The design includes many issues that must be addressed prior to deployment as no two environments are alike. This document also discusses the problems that this architecture solves and the four pillars of an Enhanced
Secure Multi-Tenancy environment.

Audience

The target audience for this document includes, but is not limited to, sales engineers, field consultants,
professional services, IT managers, partner engineering, and customers who wish to deploy an Enhanced
Secure Multi-Tenancy (ESMT) environment consisting of best-of-breed products from Cisco, NetApp,
and VMware.

Objectives

This document is intended to articulate the design considerations and validation efforts required to
design, deploy, and backup Enhanced Secure Multi-Tenancy virtual IT-as-a-service.

Just follow this link to see document 'Cisco, NetApp, VMWare Enhanced Secure Multi-Tenancy Design Guide'
http://communities.netapp.com/docs/DOC-8314

keenest913
6,612 Views

Forgive me for playing devil's advocate here...

I fully understand the need to offer greater security, performance guarantees, and isolation in a virtual infrastructure especially when there is multi-tenancy and I particularly like what VMware, NetApp, and Cisco have put together.  However, are we not just "undoing" many of the efficiencies that virtualization brings by creating, once again, wasteful silos?  There are now more and more layers of virtualization occuring which consequently increases the management overhead of the solution.  We now have virtual virtualization - virtual dedicated resources or VDR if I can steal the term from a colleague.  How far do we go until we're back in the same spot we were in before virtualization came along with too many resources and low utilization?  Thoughts?

BTW, I posted a much more positive and supportive perspective on this topic on my blog yesterday. 🙂

peluso
6,612 Views

Hi -- can you point me to the blog post?  Would love to read it...

Terri

Thanks so much!
Terri Peluso
Senior Community Program Manager

navneet
5,867 Views

Thanks for sharing! good read.

Public