双活数据中心与灾备解决方案技术部分PPT课件.pptx

1、2014VMwareInc.Allrightsreserved.双活数据中心与灾双活数据中心与灾备解决方案解决方案-技技术部分部分臧铁军VMwareGCH COE 云架构师议程程1同城双活技术方案2异地灾备技术方案2基于虚基于虚拟化技化技术的的业务连续性解决方案概性解决方案概览资源池源池vSpherevSpherevSphere本地站点本地站点灾灾备站点站点基于虚基于虚拟化化层的异步复制的异步复制基于硬件基于硬件设备的同异步复制的同异步复制自自动化化应用切用切换管理管理城域集群城域集群应用感知的高可用性用感知的高可用性关关键应用零停机保用零停机保护在在线迁移虚迁移虚拟机，机，动态调配配计算与存

2、算与存储资源源VMotion and Storage VMotion高效的数据高效的数据备份与恢复份与恢复可通可通过运行运行计划与脚本划与脚本实现自自动化操作化操作资源池源池vSpherevSphereDev/TestDev/TestDev/Test灾灾难恢复恢复本地高可用本地高可用数据保数据保护方案特点方案特点 与与应用程序和操用程序和操作系作系统无关无关与硬件与硬件设备无关无关 完善的保完善的保护 简单，经济3议程程1同城双活技术方案2异地灾备技术方案4双活数据中心在各个双活数据中心在各个级别上全面保障可用性上全面保障可用性vMotion&DRSHA&FT服务器Storage vMotio

3、n，Storage DRS存储VMFSVMFS硬件热添加多网卡绑定存储多路径组件数据Data ReplicationMetro Cluster站点5双活数据中心双活数据中心总体架构体架构双活存双活存储集群集群站点站点A站点站点B延伸的延伸的vSphere集群集群 200 km行为与单个vSphere相同延伸距离最大200KM，通常小于50KM通过VMwareHA与vMotion实现自动的DR保护需要双活存储集群，如EMC的vPlex，NetApp的MetroCluster等6计算算资源源设计Making an Application Service Highly AvailablevSpher

4、eHAvSphereAppHA8VMwarevFabrictcServervSphere App HAPolicy-basedProtectoff-the-shelfapps9Fault Tolerance vs.High AvailabilityFaulttoleranceAbilitytorecoverfromcomponentlossExample:HarddrivefailureHighavailabilityUptime percentage in one yearDowntime in one year993.65days99.98.76hours99.9952minutes99.

5、999“fivenines”5minutesX10支持多支持多vCPU的容的容错技技术InstantaneousFailover4vCPU4vCPUvSpherePrimarySecondaryFastCheckpointingFTsupportforupto4vCPUsProtectionforhighperformance,multi-vCPUVMsNew,morescalabletechnology:fastcheck-pointingtokeepprimaryandsecondaryinsyncOverviewProtectmission-critical,high-performan

6、ceapplicationsregardlessofOSContinuousavailability:zerodowntime,zerodatalossforinfrastructurefailuresFullyautomatedresponseBenefits11Targetingcross-continentaldistancesupto100msRTTsMaintainstandardvMotionguaranteesLeaderinVMflexibility功能简介功能简介PermanentmigrationsbetweendatacentersDisasteravoidance(DA

7、)DR/DAtestingMulti-siteloadbalancingFollowthesunBenefits长距离距离vMotionvSphere6.0支持跨三层网络和跨vCenterServer的vMotions12vCenter AvailabilityRunvCenterServerapplicationinaVMRunvCenterServerdatabaseinaVMRunbothinsameVM?ProtectwithvSphereHAvCenterandDBVMrestartprioritysettoHighEnableguestOSandAppmonitoringAppHA

8、canprotectSQLServerdatabaseBackupvCenterServerVManddatabaseImage-levelbackupforvCenterServerVMApp-levelbackupusingagentfordatabasebackup13网网络资源源设计双活数据中心网双活数据中心网络架构架构物理二层物理二层(裸光纤裸光纤)逻辑二层逻辑二层层叠网络层叠网络/VPN 二层分段VMVMVM二层分段VMVMVM二层网络扩展的二层网络(二层内容在数据中心互连链路上传递)站点A站点B二层网络15NSX vSphere Multi-Site Use CasesNSX f

9、or vSphere supports 3 different Multi-Site Deployment Models1.VXLANwithStretchedClusters(vSphereMetroStorageCluster)2.VXLANwithSeparateClusters3.L2VPNAll solutions provide L2 extension over an L3 network,enabling workload&IP mobility without the need to stretch VLANsLocal egress is supported,however

10、 it does add complexityThe appropriate deployment model will depend on customer requirements and their environmentNSX利用利用层叠网叠网络实现双活数据中心双活数据中心双活存双活存储vSphere城域存城域存储集群集群数据存数据存储1数据存数据存储2vCenterServer三层网络站点站点A站点站点BVM1VM2VM3逻辑交交换机机A172.16.10.0/24VM4VM5逻辑交交换机机B172.16.20.0/24分布式逻辑路由器分布式逻辑路由器站点站点A边界网关边界网关上联网

11、络上联网络A站点站点B边界网关边界网关上联网络上联网络B17VMware NSX Multi-Site Single VC,Stretched ClusterSolution DetailRequiresasupportedvSphereMetroStorageClusterconfigurationInavMSCdeployment,storageisActive/Activeandspansbothsites.ExamplesofActive/Activestorageare:EMCVPLEX,NetAppMetroCluster(seeVMwareHCLformoreinformatio

12、n)StretchedclusterssupportLivevMotionofworkloadsUseL3forallVMkernelnetworks:Management,vMotion,IPStorageAllmanagementcomponentssuchasvCenterServer,NSXManagerandControllersarelocatedinSiteALatencyandbandwidthrequirementsaredictatedbyvMSCstoragevendor,eg10msRTTforVPLEXwhichalsoalignswithvMotionusingEn

13、terprisePlusvMSCenablesdisasteravoidanceandbasicDisasterRecovery(withouttheorchestrationortestingcapabilitiesofSRM)LossofeitherNSXComponentsortheDatacenterInterconnectwillresultsinafallbacktodataplanebasedlearningusingexistingnetworkstate.ThereforethereisnooutagetodataforwardingandwithoutvCenterServ

14、er,therearenoVMprovisioningormigrationoperationsNSXandvMSCarecomplimentarytechnologiesthatfitasweetspotforNSX(SinglevCenterServer)VMware NSX Multi-Site Single VC,Stretched ClusterVMware ESXiVMware ESXiVMware ESXiVMware ESXiSite ASite BStretched Workload ClusterVMware ESXiVMware ESXiVMware ESXiVMware

15、 ESXiSite ASite BStretched Edge ClusterCluster ConfigurationvMSC enables stretched clusters across two physical sitesIn an NSX deployment Management,Edge and Workload clusters are all stretchedUnder normal conditions all Management Components run in a Site A and are protected by vSphere HAThey are a

16、utomatically restarted at Site B in the event of a site outage.The management network is not stretched and must be enabled on Site B as part of the recovery run bookDependent on design,NSX Edge Services Gateways are either active in both sites or a single site and can also leverage HAVMs in the Work

17、load Clusters are automatically recoveredVMware ESXiVMware ESXiVMware ESXiVMware ESXiSite ASite BvCenterServerStretched Management Cluster19VMware NSX Multi-Site Single VC,Stretched ClusterIn a vMSC environment,DRS is used to balance resource utilization,provide site affinity,improved availability a

18、nd ensure optimal traffic flowUse Should rules,rather than Must as this allows vSphere HA to take precedenceExample DRS Groups,Rules and Settings for NSX Edges:VMware NSX Multi-Site Single VC,Stretched ClusterNSX Configuration(Option 1-Preferred)Transport Zone spans both Sites and VXLAN Logical Swit

19、ches provide L2 connectivity to VMsDistributed Logical Routing is used for all VMs to provide consistent default gateway vMACLocal Egress is provided by using separate Uplink LIFs and Edge GWs per site.Hosts on Site A have DLR default gateway configured via Site A Edge GW using net-vdr CLI.While Sit

20、e B DLR default gateway is via Site B Edge GWCaveat:Dynamic Routing cannot be enabled on DLR,or a static route set via NSX ManagerNSX Edge Gateways will have a static route for any networks directly connected to DLR.Consistent IPaddressing will simplify routing by allowing a supernet to be usedDFW p

21、rovides vNIC policy enforcement independent of the VMs locationVM1VM2VM3Web Logical Switch172.16.10.0/24Site ASite BDistributed Logical RouterVM4VM5App Logical Switch172.16.20.0/24Site A NSX Edge GW192.168.10.1Site B NSX Edge GW192.168.20.1Uplink Net A 192.168.10.0/29Uplink A LIF 192.168.10.2Uplink

22、Net B 192.168.20.0/29Uplink B LIF 192.168.20.2VM6VM7DB Logical Switch172.16.30.0/24Internal LIFs.1VMware NSX Multi-Site Single VC,Stretched ClusterNSX Configuration(Option 2)As per Option 1 Transport Zone spans both Sites and VXLAN Logical Switches provide L2 connectivity for VMsNSX Edge Gateways ar

23、e deployed per site with the same internal IP addressNSX DFW L2 Ethernet Rules are defined to block ARP to the remote GW using MAC Sets,which provides Local Egress as only the site local Edge GW is learnt.Future enhancement planned to enable ESXi host object for DFW*Caveats:Traffic flow between appl

24、ication tiers may be asymmetric if they are split across sites and DRS rules arent used Does not leverage Distributed Logical Routing and is limited to 10 vNICs per EdgevMotion will result in network interruption as VM ARP cache entry for site specific GW needs to time outCan be used if Option 1 isn

25、t a fit(eg,require Dynamic Routing or vSphere 5.1 support)Site ASite BVM1VM2VM3VM3Site A NSX Edge GW192.168.10.1Site B NSX Edge GW192.168.10.1Logical Switch192.168.10.0/24VMware NSX Multi-Site Single VC,Separate Clusters(2)Datastore 1Datastore 2vCenterServerL3NetworkSite ASite BVM1VM2VM3Logical Swit

26、ch A172.16.10.0/24VM4VM5Logical Switch B172.16.20.0/24Distributed Logical RouterSite A NSX Edge GWUplink Net ASite B NSX Edge GWUplink Net BStorage vMotion Required for VM Mobility23VMware NSX Multi-Site Single VC,Separate ClustersSolution DetailSeparatevSphereClustersareusedateachsite,thereforeDRSr

27、ules&groupsarenotrequiredStorageislocaltoasiteEnhancedvMotion(simultaneousvMotionandsvMotion)canprovidelivevMotionwithoutsharedstorageUseL3forallVMkernelnetworks:Management,vMotion,IPStorageAllmanagementcomponentssuchasvCenterServer,NSXManagerandControllersarelocatedinSiteASupportedlatencyrequiremen

28、tforEnhancedvMotionis100msRTT(vSphere6).vMotionrequires250MbpsofbandwidthperconcurrentvMotionThissolutionprovidesDisasterAvoidancewherelivevMotionissupported,byenablingworkloadstobemovedproactivelybetweensitesDoesnotprovideautomatedDisasterRecoveryVMware NSX Multi-Site Single VC,Separate ClustersVMw

29、are ESXiManagement ClusterVMware ESXiSite AvCenterServerCluster ConfigurationClusters do not span beyond a physical siteAll Management Components run in Site A,and will not be automatically recovered in the event of a site outage.Storage replication to a standby Cluster in Site B and a manual recove

30、ry process could be implementedSeparate Edge and Workloads Clusters are used per siteNSX Edge Services Gateways are active in a single site,with HA is local to the siteWorkloads are active across both sites and can optionally support live vMotionDRS affinity rules for workloads are not requiredVMwar

31、e ESXiEdge Cluster AVMware ESXiSite AVMware ESXiVMware ESXiSite BEdge Cluster BVMware ESXiWorkload Cluster AVMware ESXiSite AVMware ESXiVMware ESXiSite BWorkload Cluster B25VMware NSX Multi-Site Single VC,Separate ClustersNSX ConfigurationOption 1 with Distributed Logical Routing is unchanged from S

32、tretched Cluster configuration and is still recommendedFor option 2,as vCenter objects are not shared we can leverage NSX DFW L2 Ethernet Rules with a scope of the Datacenter to provide Local Egress.as only the site local Edge GW is learnt.No enhancements requiredSame caveats with Option 2 for Stret

33、ched Clusters also applySite ASite BVM1VM2VM3VM3Site A NSX Edge GW192.168.10.1Site B NSX Edge GW192.168.10.1Logical Switch192.168.10.0/24To Local Egress/Ingress or not to.As a first step,ask the customer if they have stateful services for traffic entering and exiting the Datacenter?This is generally

34、 the case and if so they will require a solution to provide Local Ingress for their applications.Eg,NATGSLBAnycastLISP,RHIetcIf they can address this,then a Multi-Site NSX solution providing Local Egress is a good fitIf they do not,other questions to ask are:Do they have high bandwidth between sites

35、?and is reducing operational complexity a goal?AnactiveNSXEdgeGatewayatonesite,withfailovertothesecondarysitemaymeetthecustomersrequirementsandismuchsimplerthanprovidingLocalEgress&IngressVMware NSX Multi-Site L2 VPN(3)Datastore 1Datastore 2vCenterServerSite A orOn PremSite B orOff PremVM1VM2Network

36、 A 172.16.10.0/24Site A NSX Edge GWSite A Uplink NetworkvCenterServerVM3VM4Network B172.16.10.0/24Site B NSX Edge GWSite B Uplink NetworkSSLSSLL3Network28存存储资源源设计存存储需求需求Site ASite BDarkFiber =200 kmMetro ClusterAggrXPlex0AggrYPlex1AggrYPlex0DWDMDWDMAggrXPlex1时延要求：vSphere要求RTT100ms存储同步复制要求RTT5ms30Met

37、ro Storage的两种的两种实现方式：方式：Uniform与与Non-Uniform31vSphere Metro Storage Cluster工作原理工作原理vSphereHAClusterStretched across campus or metro areavMSCCertifiedStorageMetro ClusterPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPOSPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPOSArray basedsynchronousreplicationPlex0Plex032vSphere Metro St

38、orage Cluster工作原理工作原理Standard vMotion of Virtual MachinesvMotionvMSCCertifiedStorageMetro ClusterPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPOSPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPOSArray basedsynchronousreplicationPlex0vSphereHAClusterPlex033vSphere Metro Storage Cluster工作原理工作原理vSphereHAClusterStorage takeovervMS

39、CCertifiedStorageMetro ClusterPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPOSPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPOSPlex1Plex0Plex0Plex0APPOSAPPOSAPPOSAPPOSAPPOSAPPOSSite shutdownfor maintenance34vSphere Metro Storage Cluster工作原理工作原理vSphereHAClustervMSCCertifiedStorageMetro ClusterPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPO

40、SPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPOSPlex0Plex0APPOSAPPOSAPPOSAPPOSAPPOSAPPOSPlex1Plex0AutomaticresyncMaintenance performed,site restored35vSphere Metro Storage Cluster工作原理工作原理vSphereHAClustervMSCCertifiedStorageNetApp MetroClusterPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPOSPlex1APPOSAPPOSAPPOSAPPOSAPPOSAPPOS

41、Plex0Plex0APPOSAPPOSAPPOSAPPOSAPPOSAPPOSPlex1Plex0Standard vMotionto return VMsAccess returned36存存储设备选型型兼容性网站：http:/ VPLEX for Stretched Metro ClustersRoadmapStretchedvSphereClusterSiteA(Active)SiteB(Active)10ms,IPorFCvCenterEstablishedVPLEXActive-ActiveSolutionInstantvMotionacrossdistanceVMwareHAau

42、tomaticallyrestartsVMsateithersiteforsystemorsitefailureBalanceworkloadsacrossbothsiteswithVMwareDRSSupportsVMwareFToutoftheboxAdditionalflexibilityofVPLEXMetroDoesntRequireFCCross-ConnectChooseIPorFCConnectivitybetweensitesThirdSiteIPconnectivitytoWitnessVMNoSPOFIfyouloseaDirector,nolossofaccessata

43、nysiteVPLEXVPLEXDualSiteDRSDualSiteHAInstantvMotionSiteC(OptionalWitness)VPLEXDistributedVirtualVolumes38Stretched Storage with IBM SAN Volume ControllerSinglesystemimageacrosstwositesprovidessinglepaneofglassmanagementforday-to-daystoragemanagementactivitySimplifymanagementofyourenvironmentatsameti

44、measdeployingactive-activestorageBaseduponarichandmatureplatformProvideReal-timeCompression,EasyTier,Non-disruptivemigrations,Longdistancereplication40,000enginesinstalledworldwide,11yearsfieldexperience250+storagedevicessupportedtoprovideback-endcapacityRetainyourexistinginvestmentinstoragedevicesK

45、eepflexibilityforthefutureActivequorumdeviceenablesautomaticfailoverNoexternalmanagementsoftwarePreventssplit-brainSupportsrecoveryincaseoffullunplannedsitefailurescenariosQuorumStoragePool1StoragePool2Site 1Site 1Site 2Site 2Site 3SVCStretchedCluster39来自存来自存储厂商的参考指南厂商的参考指南ImplementingVMwarevSphereM

46、etroStorageClusterwithHPLeftHandMulti-Sitestoragehttp:/ ImplementingvSphereMetroStorageClusterusingHP3PARPeerPersistencehttp:/ DeployVMwarevSphereMetroStorageClusteronHitachiVirtualStoragePlatformhttp:/ for Metro Cluster 2015Q3(计划划)SiteAFault Domain AFault Domain BFault Domain CVirtual SAN ClusterSi

47、teCSIteBvmdkwitnessvmdkvmdkwitnessvmdk从机架感知升级到站点感知：1，迷你容错站点专用于witness2，优先从本地站点读取数据以提升性能41议程程1同城双活技术方案2异地灾备技术方案42RTO,RPO,and MTD RecoveryTimeObjective(RTO)HowlongitshouldtaketorecoverRecoveryPointObjective(RPO)AmountofdatalossthatcanbeincurredMaximumTolerableDowntime(MTD)Downtimethatcanoccurbeforesig

48、nificantlossisincurredExamples:Financial,reputation43The Three Building Blocks For Disaster RecoveryvSphereVirtual SANEcosystemVDP AdvancedvSphere ReplicationSite Recovery ManagerVMwareArray-basedBackup copiesExternal StorageStorageComputeBackupandRecoveryReplicationDROrchestration44异地异地(同城同城)灾灾备解决方

49、案解决方案总体架构体架构45异地异地(同城同城)灾灾备解决方解决方案案多种映射关系多种映射关系主主备式切式切换双活切双活切换双向切双向切换双活数据中心双活数据中心ProductionRecoveryProductionRecoveryProductionProduction最常见的场景花销较大灾备架构主要用于测试，开发和培训等非生产应用有效降低开销两个站点均有生产应用每个站点为对方提供容灾支持两个站点的应用可以跨站点自由移动计划内事件零停机限制在城域范围内Site1Site2Production46网网络资源源设计2024/3/1 周五48“Protected”Site“Recovery”Si

50、teStorageStorageVMFS/NFSVMFS/NFSStorageVMFS/NFSVMFS/NFSReplicationSRM with NSX for vSphereNSX ManagerNSX Controller ClustervCenter+SRMvCACNSX ManagerNSX Controller ClustervCenter+SRMvCACFirewallRules&SecurityGroups49SRM with NSX for vSphereWhat has been validatedSRMcanmapVMsfromoneVXLANLogicalSwitch