Today we have a treat for you! Richard Hicks, a Microsoft MVP in TMG firewalls and now a DirectAccess expert, shares some very interesting and useful information with you on some new features and capabilities in System Center Virtual Machine Manager and Hyper-V. In this article Richard covers an interesting aspect of private cloud, which is network virtualization.
As we’ve talked about many times in this blog, one of the key characteristics of any cloud infrastructure is the decoupling of the infrastructure from the services running on it – the services should be completely abstracted from the hardware that supports the services. This is what network virtualization can do for you. Richard tells you how it does this. Enjoy! –Tom.
Great strides have been made over the last few years in the areas of compute and storage virtualization. New features in Windows Server 2012 Hyper-V allow systems engineers to virtualize nearly any workload without issue. Until recently, network virtualization has lagged behind. Virtual workloads were still bound by the constraints of the physical network. This limited the flexibility for moving workloads in our datacenters and is a serious cause for concern. If a virtual machine is migrated (or fails over) to a host that resides on a different subnet, the virtual machine will have to be assigned a new IP address to communicate on the network.
While assigning an IP address is trivial and in fact can be automated, it introduces many challenges. Often network policy is enforced based on source and/or destination IP address. Assigning a new IP address will result in significant work updating existing firewall policies to reflect this change. In addition, IP address changes can be problematic for tiered applications that require communication with networked resources based on IP address. Changing the IP address of a virtual machine may, in some instances, require changes to the application itself.
With System Center 2012 Virtual Machine Manager (SCVMM) SP1, Microsoft introduces the concept of virtual networking, which is more broadly referred to as Software Defined Networking (SDN). Virtual networking is made possible by the Hyper-V Extensible Switch, with networking configuration and policies managed and distributed via SCVMM. Virtual networking addresses the essential need for abstraction of the physical network for virtualized workloads, freeing them from the limitations imposed by the physical network.
Once configured and enabled, Hyper-V network virtualization provides support for some important private cloud deployment scenarios, such as:
The good news is that Hyper-V network virtualization is compatible with existing networking equipment. There is no need to purchase new, specialized equipment to take advantage of these capabilities. The only drawback to Hyper-V network virtualization out of the box is that hosts located on virtual networks can only communicate with hosts located within their virtual network (which may include multiple virtual subnets). By default, they are unable to communicate with any resources located on the physical network, such as on-premises resources like Active Directory, DNS, file or database servers, etc. This is because network traffic on a virtual subnet is encapsulated by the Hyper-V Extensible Switch with NVGRE.
On-premises non-virtual hosts, and even virtual hosts that are not using the Hyper-V Extensible Switch (perhaps connected directly to a physical network interface on the host), don’t participate in this communication. To address this challenge, an NVGRE gateway is required to translate network communication between the Hyper-V virtualized network and the on-premises physical network. Once installed, hosts located on any virtual subnets can communicate with resources located on the physical network.
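To show what the encapsulation described above looks like on the physical network, here is an added example (not from the original article) that decodes the NVGRE header as laid out in RFC 7637 and recovers the virtual subnet ID and inner addresses that an IP-based firewall or sensor would otherwise not see. All addresses, MAC addresses and subnet IDs are constructed sample values, and the function names are this example's own.

```python
import ipaddress
import struct

GRE_PROTO_TEB = 0x6558  # Transparent Ethernet Bridging: GRE payload is an Ethernet frame
IPPROTO_GRE = 47

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def build_nvgre(outer_src, outer_dst, vsid, flow_id, inner_src, inner_dst):
    """Constructed sample: outer IPv4 + GRE(key = VSID|FlowID) + inner Ethernet/IPv4."""
    inner = (bytes.fromhex("00155d000002") + bytes.fromhex("00155d000001")
             + struct.pack("!H", 0x0800) + ipv4_header(inner_src, inner_dst, 6, 0))
    gre = struct.pack("!HHI", 0x2000, GRE_PROTO_TEB, (vsid << 8) | flow_id)
    return ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre) + len(inner)) + gre + inner

def parse_nvgre(packet):
    """Return outer/inner addresses and the 24-bit VSID, or None if not NVGRE."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != IPPROTO_GRE:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8 + 14:
        return None  # truncated: need GRE header with key plus inner Ethernet header
    flags, proto, key = struct.unpack_from("!HHI", packet, ihl)
    # NVGRE requires K=1, C=0, S=0, version 0 and the TEB protocol type.
    if (flags & 0xB007) != 0x2000 or proto != GRE_PROTO_TEB:
        return None
    info = {"outer_src": str(ipaddress.IPv4Address(packet[12:16])),
            "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
            "vsid": key >> 8, "flow_id": key & 0xFF}
    eth = ihl + 8  # inner Ethernet frame starts right after the 8-byte GRE header
    ethertype, = struct.unpack_from("!H", packet, eth + 12)
    if ethertype == 0x0800 and len(packet) >= eth + 14 + 20:
        ip = eth + 14
        info["inner_src"] = str(ipaddress.IPv4Address(packet[ip + 12:ip + 16]))
        info["inner_dst"] = str(ipaddress.IPv4Address(packet[ip + 16:ip + 20]))
    return info

# Constructed samples: two tenants reuse 10.0.0.0/24 behind the same pair of hosts.
TENANT_A = build_nvgre("192.168.1.10", "192.168.2.20", 5001, 0, "10.0.0.5", "10.0.0.7")
TENANT_B = build_nvgre("192.168.1.10", "192.168.2.20", 6001, 0, "10.0.0.5", "10.0.0.7")
PLAIN_TCP = ipv4_header("192.168.1.10", "192.168.2.20", 6, 0)
```

The two tenant packets have identical outer and inner addresses and differ only in the virtual subnet ID, so a policy that needs to tell them apart has to match on that field rather than on IP address alone.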
Iron Networks has worked closely with Microsoft to develop a turn-key, ready-to-deploy NVGRE gateway built on Windows Server 2012. It provides scalable, multi-tenant gateway services for Hyper-V virtual networks, allowing systems engineers to fully realize the potential of their private cloud investment. In addition, the Iron Networks NVGRE gateway includes site-to-site VPN services, which can be leveraged to connect to cloud-based services like Windows Azure to enable a true hybrid-cloud solution.
For more information about the Iron Networks NVGRE gateway, visit http://www.ironnetworks.com/mnv.
Richard Hicks (MCP, MCSE, MCTS, and MCITP Enterprise Administrator) is the Director of Sales Engineering for Iron Networks, a Microsoft OEM partner developing secure remote access, network virtualization, and converged cloud infrastructure solutions. Richard is a four-time Microsoft MVP and has nearly 20 years of experience working in large scale corporate computing environments. Follow Richard on Twitter @richardhicks.