思博伦通信云计算测试解决方案

PROPRIETARY AND CONFIDENTIAL 云计算测试 - ICTC2010 数据中心 Data center 云基础架构 Cloud infrastructure 应用安全 Application security 云服务 Cloud services 2 PROPRIETARY AND CONFIDENTIAL 思博伦通信公司 (Spirent Communications) 总部在美国加州 全球 1800多名员工 全球著名测试仪器提供商 通信测试行业的领导者 在网络性能分析和服务保障方面为用户提供全面先进的测试分析解决方案 3 PROPRIETARY AND CONFIDENTIAL 思博伦通信中国 现有北京，上海，广州三个代表处， 南京、杭州、武汉、深圳四个卫星办公室 亚太及中国区总部位于北京航空航天大学旁的世宁 大厦，投资 1000万美金，有员工 200余人 在中国建有思博伦全球第二大实验室 在中国有售后技术支持中心（ TAC）及维修中心 售后服务热线： 400-810-9529 售后服务邮箱： S 在国内有 Global Service 团队 负责专业认证培训 (SCPA， SCPT， SCPE)，在国内与清华大学，东南大学等多家高校合作，开设了思博伦学院专业认证培训和考试机构 自动化开发和培训服务 , 有 10多位专职自动化工程师为用户提供自动化平台和测试例开发 、 自动化培训等服务，成功实施的典型项目包括中兴数据事业部自动化平台，华为和华三的 VTP自动化平台和华为的 GT3000自动化平台。 测试服务，承担中国电信，中国网通，中国移动，中国联通等运营商或者大型专网的重要测试服务。与国家重点实验室（传输所 /数据所）建立战略合作伙伴关系 4 PROPRIETARY AND CONFIDENTIAL Applications VoIP Security QoS IPTV 40G 100G Routing Virtualization IPv6 5 PROPRIETARY AND CONFIDENTIAL 议程 云计算概述 思博伦通信云计算测试解决方案 数据中心与云基础架构测试 核心局域网 &存储网络基础架构（ Core LAN & SAN Fabric） 虚拟服务器局域网 &存储网络接入（ Virtual Server LAN & SAN Access） 云互联（ Inter Cloud connect） 应用安全与云服务测试 安全服务（ Security Services） 应用发布与优化（ Application delivery and optimization） 云服务（ X as a Service） 测试应用举例 6 PROPRIETARY AND CONFIDENTIAL 云计算概述 宽带网络接入 快速弹性和 扩展性 基于使用付费 按需自助服务 资源池 National Institute Standards and Technology (NIST)国家标准技术委员会定义： “ 云计算是一种可以方便的按需接入可配置共享计算机资源池 (如 , 网络 , 服务器 , 存储 , 应用和服务 )的模型。它可以快速供给、释放，最小化管理和与提供商配合。 ” 7 PROPRIETARY AND CONFIDENTIAL 云计算概述 Power usage effectiveness Green Grid提出 - 关注数据中心能耗效率的业界组织 PUE 是用来度量数据中心能耗效率的指标 PUE = 整个数据中心消耗的电能 / IT设备消耗电能 现代数据中心的 PUE值大概是 1.21 Battersea Power Station 典型的数据中心 Solar Power Seville 最新调查表明数据中心的平均 PUE值是 2.5 交换设备 UPS 冷却设备 通信设备 服务器 存储设备 数据中心架构效率 Data Center Infrastructure Efficiency (DCIE) 百分数， DCIE = IT设备消耗电能 /整个数据中心消耗的电能 8 PROPRIETARY AND CONFIDENTIAL 云计算概述 Multi-core & Virtualization enabling the cloud 过去： IaaS 单台主机 现在：一台服务器支持 16-48 VM 4 到 8 cores server 年底：一台服务器支持 96+ IaaS 32 cores 64 threads 9 PROPRIETARY AND CONFIDENTIAL 云计算概述 Network stack in the cloud Server/Hypervisor 物理 LAN & SAN 连接 (L1-2) 基础架构 Infrastructure 虚拟 LAN & SAN 连接 (L2-3) IaaS: 安装 Linux 或 Windows 的 Virtual server 平台 Platform application transactions (L4-6) PaaS: 虚拟主机 Web hosting, 数据库服务器 database server 软件 Software user content (L7) SaaS:网页邮件收发 webmail, 效力应用软件 productivity apps Server/Hypervisor IaaS PaaS SaaS SaaS PaaS SaaS SaaS U U U U U U U U IaaS IaaS PaaS PaaS 10 PROPRIETARY AND CONFIDENTIAL 关键的测试驱动 Cloud network performance性能 给虚拟和真实的基础架构带来更大压力 接入网络复用程度比例从 1:20到 1:4到 1:1，无阻塞 难以预防周期性的网络拥塞 不同业务对服务质量 (QoS)的要求越来越高 VLAN Priority 和 IP ToS/Diffserv 无论客户的服务是基于本地还是跨越基础架构 AVAILABILITY SECURITY SCALABILITY 11 PROPRIETARY AND CONFIDENTIAL 关键的测试驱动 Cloud network availability可用性 动态迁移 Live Migration 不需关电迁移 IaaS VM 自动资源调度 Automated resource scheduling 根据负载自动调度迁移 IaaS VM 高可靠性 High availability 硬件故障时迅速重启 IaaS VM 杀手应用 The killer apps for cloud data centers 高负载高带宽消耗 PERFORMANCE SECURITY SCALABILITY 12 PROPRIETARY AND CONFIDENTIAL 关键的测试驱动 Cloud network security安全 企业应用事件 transactions要多次跨域网络 多种安全选择 在广域网 WAN 在汇聚或核心 虚拟安全设备 IIS .Net Oracle Apache Web sphere MySQL PERFORMANCE AVAILABILITY SCALABILITY 13 PROPRIETARY AND CONFIDENTIAL 关键的测试驱动 Cloud network scalability扩展性 虚拟云网络 100x规模与复杂性 新网元 虚拟交换机 /防火墙等虚拟设备 480,000 IaaS 虚拟机（ VM） 480,000 MAC 和 IP 地址 应用和网络流量呈指数增长 云内或外部 Access Aggregation/ Core Virtual Cloud PERFORMANCE AVAILABILITY SECURITY 14 PROPRIETARY AND CONFIDENTIAL 关键的测试驱动 Unknowns of Cloud Services Will physical & virtual appliance scale the same? Are adjacent cloud services security threats? How do virtual appliances affect availability? What makes or breaks the quality of experience? Performance Availability Scale Security 15 PROPRIETARY AND CONFIDENTIAL 思博伦云计算测试解决方案 Remove the Cloud Unknowns AVAILABILITY Fail over Live migration SECURITY Encryption Simultaneous threats SCALE Subscribers Cloud TCO PERFORMANCE Realism Quality of Experience 16 PROPRIETARY AND CONFIDENTIAL 思博伦云计算测试解决方案 Core LAN & SAN Fabric Virtual Server LAN & SAN Access Inter Cloud connect Security Services Application Delivery Optimization X as a Service 端到端性能测试 应用安全 & 云服务 数据中心 & 云架构 17 PROPRIETARY AND CONFIDENTIAL Core LAN & SAN Fabric 市场趋势 Overview of the Market Trends 高密度无阻塞架构，成百上千的 10GbE端口 最大吞吐量下任意点到点 时延在 微秒级 FC、 FCOE接口将设备连接到核心架构 Core fabric IEEE, 数据中心桥接 DCB, 增强以太网性能 , 无丢包 支持 10,000s 虚拟机 MAC地址 40G/100GE线卡 2011成为标准组件 Juniper 128x 10G Cisco 256x 10G Brocade 256x 10G HP/3Com 144x 10G Voltaire 288x 10G Arista 384x 10G 18 PROPRIETARY AND CONFIDENTIAL Core LAN & SAN Fabric 测试应用举例 Overview of the use case Fabric Throughput RFC 2544 LAN, Draft DCB SAN & Converged Performance Fabric Latency RFC 2544 LAN, Draft DCB SAN & Converged Availability Fabric Access Control Security Fabric Address Capacity RFC 2889 LAN, SAN Scalability 19 PROPRIETARY AND CONFIDENTIAL Virtual Server LAN & SAN Access 市场趋势 Overview of the Market Trends 服务器融合 虚拟化服务器及 I/O 服务器接入的 LAN/SAN融合 刀片服务器和机箱的动态管理 20 PROPRIETARY AND CONFIDENTIAL Virtual Server LAN & SAN Access 测试应用举例 Overview of the use case LAN & SAN Throughput Virtual, Blade and Top of Rack switching Performance QoS during Live Migration & Vmotion Availability Virtual, Blade and ToR LAN and SAN switch Access Control Security LAN MAC and SAN N_Port address capacity Scalability LAN & SAN I/O STC 1G-100G Real SCSI target 21 PROPRIETARY AND CONFIDENTIAL Inter Cloud connect 市场趋势 Overview of the Market Trends 云提供商寻求提供从数据中心云到终端用户的端到端服务 服务跨越数据中心、运营商网络，需要实现冗余、可靠性、大容量和资源平衡 新技术不仅仅要传输 L2层数据中心，还要增加更多 L3功能 23 PROPRIETARY AND CONFIDENTIAL Inter Cloud connect 测试应用举例 Overview of the use case Inter Cloud and Fabric Extension Throughput Performance Live Migration WAN link QoS/QoE distance impact Availability Leakage and separation of services Security Capacity of routing/VPN protocols Scalability LAN & SAN I/O STC 1G-100G Real SCSI target 24 PROPRIETARY AND CONFIDENTIAL IDS/IPS Firewall Virtual Security Firewall, IDS/IPS Security services 市场趋势 Overview of the network 高端数据中心需要高性能设备 : 350,000/s新建速率 ,10 million+ 并发 Hypervisor虚拟安全设备 混合部署真实和虚拟设备 : 分担部分负责到虚拟防火墙 25 PROPRIETARY AND CONFIDENTIAL Security Services Firewall/IDS/IPS 测试应用举例 Overview of the use case IDS/IPS Firewall Virtual Security Firewall, IDS/IPS Maximum firewall bandwidth throughput Maximum new connections per second Performance Application response time at maximum throughput Impact of live migration on application response time Availability Impact on performance of DDOS attack Signature based attack mitigation cause and effect at load Security Maximum number of concurrent connections/sessions Number of concurrent connections at maximum throughput Scalability 26 PROPRIETARY AND CONFIDENTIAL Application Delivery Optimization 市场趋势 Overview of the network 高性能真实设备 : application acceleration, load balancing, rate shaping, SSL offloading Hypervisor 虚拟 ADC设备 : 单台虚拟 WAN加速器可以支持 50,000并发连接 混合部署真实和虚拟设备 : F5 Local Traffic Manager (LTM)发布虚拟版本 (VE)， 可以和硬件设备协同工作 Router WAN Optimizer Loadbalancer Virtual ADC App Optimizer & Loadbalancer 27 PROPRIETARY AND CONFIDENTIAL Application Delivery Optimization 测试应用举例 Overview of the use case Throughput of physical and virtual ADC Throughput of physical and virtual WAN Optimizer Performance Are advanced WAN accelerator policy working? If the loadbalancer goes down what happens to the incoming requests? Availability Impact of specific threats on physical and virtual appliances Impact of load on security policies Security Number of concurrent connections/sessions Secure and Clear Number of connections/sessions per second Scalability Router WAN Optimizer Loadbalancer Virtual ADC App Optimizer & Loadbalancer 28 PROPRIETARY AND CONFIDENTIAL X as a Service 市场趋势 Overview of the Market Trends AT&T, Verizon, NTT, Fujitsu, CHTTL, China Telecom, China Mobile， Korea Telecom, Telstra, Orange, BT, DT, KPN, Telefonica, Telecom Italia, Telia Sonera， 广电 Terremark, Savvis, Amazon, Microsoft, Google, Alibaba Expected to be $35B market by 2013 29 PROPRIETARY AND CONFIDENTIAL Platform and Software as a Service 市场趋势 Overview of the network 测试真实应用服务器性能 提供的 服务 包括 Platform as a Service Software as a Service Storage as a Service CIFS and NFS Virtualized servers hosting IaaS, Paas, SaaS 30 PROPRIETARY AND CONFIDENTIAL Platform and Software as a Service 测试应用举例 Overview of the use case Response time of Software as a Service Web application CIFS and NFS Storage as a Service throughput Performance Impact of live migration on application response times Impact on streaming media during live migration Availability Service authentication and login Security XaaS maximum number concurrent users/sessions XaaS number of users/sessions per second Scalability Virtualized servers hosting IaaS, PaaS, SaaS 31 PROPRIETARY AND CONFIDENTIAL 虚拟化 Hypervisor Virtual Machine Virtual Machine Windows Linux Virtual Machine UNIX Efficient Virtualization uses a lightweight Hypervisor (Type 1) on bear metal. Advantage Very efficient & Fast Disadvantage More tightly bound To specific hardware Platforms 32 PROPRIETARY AND CONFIDENTIAL Hypervisor Virtual Switch Virtual Machine Virtual Machine Windows Linux Virtual Machine UNIX Real World LAN 虚拟化 Spirent Test Center 真实 Spirent Test Center 如何测试 -数据中心和云基础架构 33 PROPRIETARY AND CONFIDENTIAL Hypervisor Virtual Machine Virtual Machine Windows Linux Virtual Machine UNIX L4-7应用层仿真产生真实压力 如何测试 -应用安全与云服务 34 PROPRIETARY AND CONFIDENTIAL HDD 方案：增加 I/O 解决问题 Server Load VHDD VHDD VHDD 实例：单个 I/O的潜在问题 SAN HDD I/O HBA HBA HBA CNA CNA CNA Internet Hypervisor Virtual Machine Windows Virtual Machine Virtual Machine Linux UNIX HDD 35 PROPRIETARY AND CONFIDENTIAL Hypervisor Virtual Machine Virtual Machine Windows Linux Virtual Machine UNIX 模拟真实应用压力流量进行业务访问 实例：应用压力导致内存耗尽 36 PROPRIETARY AND CONFIDENTIAL Hypervisor Virtual Machine Virtual Machine Windows Linux Virtual Mac