Server Hosting Service Description:
LTS will provide a department the required space to host virtual machines in VMware on a SAN located in the ISC computer room.
The virtual machine hosting service offers a number of added services and benefits:
Facilities Managed Computer Room
The hosting environment SAN and Host Bus Adapters are in a locked rack housed in the Computer Room with restricted door card access to authorized personnel only.There is 24-hours camera surveillance; redundant power from independent power feeds; in addition, each one of the power source is UPS protected. There are alarm points below the raised floor and in the ceiling, if more than one alarm point senses heat or smoke Halon gas is released.
Virtual Environment Topology
The virtual machines will be hosted in a VMWare ESX environment which contains multiple ESX hosts.These ESX hosts connect to a SAN for shared storage. To minimize downtime caused by hardware failure, the environment is configured for redundancy with multiple ESX host, multiple Host Bus Adapters, multiple SAN Switch ports, multiple storage processors, and RAID 5 storage.
A Juniper firewall cluster configured in high availability mode acts as a secure gateway between PennNet/Internet (Untrusted Zone) and server resources behind the firewall.A custom firewall policy is developed for each resource hosted on each of the virtual machines. All policies are developed based on service port and PennNet only IP addresses.When hosting web servers we only support the use of HTTPS with an SSL Certificate to minimize vulnerabilities and exploits common on the standard HTTP port. All port 80 traffic re-directed to port 443.
Virtual Local Area Networks (VLANs)
A Foundry Switch in the TSS managed rack is configured for 4 VLANs to support traffic segmentation behind the firewall cluster. LTS has access to each VLAN, giving us the ability to place each virtual machine in the appropriate VLAN for another layer of security. Also, the Foundry switch is connected to a 1 Gig backbone to allow the flexibility of upgrading to 1 Gig ports when possible.The switch is owned and managed by ISC Networking, which provides troubleshooting and support when needed.
BackItUp is an ISC Online Data Backup Service. This service provides online backup and restore.The cost is $6/GB/month which includes the option to participate in the Disaster Recovery exercises at SunGard. Data is restored from the last daily differential backup. ISC guarantees that in case of a University-wide disaster, the BackItUp server will be accessible and available for data restoration to an endpoint on PennNet within 36 hours.
BackItUp with SunGard Service Level Agreement: This service also provides the same online backup and restore as the standard BackItUp option however with a SunGard SLA included, you will be provided with hardware at SunGard to restore your data.There’s an additional charge for this service.
Overall benefits of virtualization
- Business Benefits:
- Hardware savings - Run multiple systems on single high-performance hardware, TSS SAN rather than maintaining single use hardware, making more efficient use of resources.
- Lower # of physical servers translates to lower management overhead.
- Abstraction from hardware minimizes downtime if/when hardware needs to be taken down for update/replacement.
- Hardware abstraction allows for portability which aids in restores or DR scenarios.
- traditional tasks related to physical servers (remote power up or shutdown, increasing memory or CPU, add/increase disk space/drive, load ISO) can be done.
- remotely through any web browser, and in some cases can be accomplished without powering off the machine.
- Virtualization provides robust security support by allowing administrators to configure different security settings as needed on each container.
- Virtualization allows a dedicated failover partition to provide systems redundancy without require additional hardware.
- Power, space and cooling savings – server consolidation lowers power consumptions.
- Testing apps/QA is simplified and sped up through use of snapshots which provides a quick and easy way to rollback changes.
For more information on the Virtual Server service please send email to magida@isc.