Rethinking Linkages Driven by IT Operations Transformation

<<>>

While the outcomes of IT operations development may not be as timely or visible as the results of enterprise information construction, without sustained investment in IT operations management, enterprise informatization would be absolutely impossible to achieve. From the early days of simple standalone management to today’s enterprise cloud management and operations, IT operations management has quietly grown from a seedling into a thriving, robust tree.

Looking back at the entire history of IT management, IT operations have undergone transformation after transformation, each bringing new directions for thought from different layers and perspectives. Now, with the trend toward集约化 enterprise data centers, IT operations are facing new changes—changes that compel enterprise IT managers to engage in deeper reflection.

Transformations in IT Operations

In this transformation, the most noticeable change is in the foundational platform, and at the core of that change is the widespread adoption of virtual machines and virtual networks.

Although virtualization technology has brought significant cost savings and application convenience to enterprise IT, for IT operations management, managing virtualized environments undoubtedly marks a major shift in the evolution of IT management. The implementation of virtualization has turned originally rigid network infrastructures into something flexible and dynamic. Managing virtual servers and virtual networks has rendered traditional manual operations and legacy O&M systems inadequate.

At the same time, while highly consolidated data centers save on computing costs scattered across various locations, the core enterprise data center has become more complex and massive. Whether it is computing resources like servers or network resources like switches, their node counts and interdependencies have become far more intricate. To IT operations personnel, these resources are disparate elements; managing them with traditional methods often leads to focusing on one while losing sight of another.

Furthermore, the落地 of private clouds requires IT managers to perform integrated management of the underlying IT infrastructure platform and the upper-layer application systems. Only in this way can they truly build a model where informatization supports actual business, laying a solid foundation for future IT upgrades.

Thoughts Sparked by Transformation

When transformation occurs, failure to proactively respond inevitably leads to imbalance, and the consequence of imbalance is the collapse of IT construction. Technological development brings new IT operations requirements. What service providers need to do is find theoretical methods and technical means to address these changing needs. Meanwhile, user IT managers need to find reasonable solutions and deploy them rapidly.

In fact, whether for users or IT operations service providers, the core objective they pursue is the same: unified, integrated management of dispersed IT resources. The difference is that IT operations service providers are the technology providers solving the problems, while users are the solution consumers.

For unified integrated management, what aspects need to be integrated? Through what means can unified management be achieved? Regarding these questions, H3C’s iMC2.0 Data Center Management Solution offers valuable reference points.

To achieve unified integrated management, the problems that need to be solved can be divided into four directions:

1. Integrated Infrastructure Management;

2. Intelligent Automation Management;

3. Comprehensive Security Control Policies;

4. Open IT Management Architecture.

Integrated Infrastructure Management Includes:

1. Unified Network Management Platform. Real-time monitoring of vast numbers of network and server nodes through a unified network management platform, achieving accurate fault detection, alarm, and precise location through effective threshold settings.

2. Virtual Network Management. Combining virtual networks with physical topology maps to dynamically display changes and migrations of virtual networks and virtual machines, managing the originally abstract VMs and virtual networks in a concrete manner to help users solve virtualization management bottlenecks.

3. Server Application Management. Implementing monitoring for the computing core, monitoring the server’s own hardware configuration as well as related operating systems and virtualization systems to ensure the stable operation of the business computing core.

4. Business Traffic Analysis. Analyzing network traffic and related data packets to, on one hand, ensure bandwidth stability for relevant businesses while measuring the IT resource needs of different business operations, and on the other hand, eliminating security risks through network traffic analysis.

Intelligent Automation Management Should Have the Following Characteristics:

1. Automatic Virtual Resource Migration. Server virtualization provides features like VM migration, High Availability (HA), Fault Tolerance (FT), and Dynamic Resource Scheduler (DRS) to ensure the reliability and flexibility of VM systems. These features all affect the physical deployment location of VMs. When a VM accesses a physical network device, it requires specific network resource configurations. The dynamic nature of its access location demands that physical network configurations provide on-demand management capabilities; otherwise, the connectivity, security, and reliability needs of the VM cannot be guaranteed. To achieve dynamic migration and on-demand network configuration, accurately locating the connection relationship between the VM and the physical switch is the key capability. The emerging 802.1Qbg standard not only ensures that all network traffic must be processed on the physical switch but also addresses the need for locating the connection relationship between VMs and switches through protocols like EDCP/CDCP/VDP. On the other hand, the 1:N connection relationship between a physical switch port and VMs makes fine-grained control of network configuration for each VM very complex. H3C’s implementation of the 802.1Qbg scheme provides better support for solving this problem by supporting the vPort concept on physical switches. iMC realizes automatic migration capabilities for network configurations in virtualized environments based on 802.1Qbg. Simultaneously, based on iMC’s integrated topology analysis capabilities for networks, servers, and VMs, it supports automatic migration capabilities for network configurations in vSwitch environments. First, network resource types are defined according to the network resource requirements of user applications. Then, these network resource types are assigned to different VMs, so that when a VM migrates or starts up, the corresponding network resources are automatically allocated in the network devices.

2. “Zero Configuration” for Data Center Devices. The “zero configuration” mentioned here refers to the configuration relationship between relevant devices and the IT O&M system. For enterprise users, the brands of internal IT equipment are numerous, and the replacement cycle for relevant devices is relatively frequent. If the O&M system needed to record configurations for every device, the workload would be immense and tedious. iMC’s “zero configuration” refers to the IT O&M system’s automatic identification of relevant devices and the automatic collection and capture of relevant monitoring data. This not only saves the deployment time for the O&M system but also reduces the work costs for managers.
 
3. Automatic Orchestration of Network Services. In the cloud-era data center environment, we no longer face a static device environment; the infrastructure may continuously grow and adjust as business needs change. To shield the differences between devices from different manufacturers and models, allowing IT administrators to focus on the service itself, it is essential to achieve rapid provisioning of resources and services, realizing highly intelligent automated management. iMC leverages integrated resource management capabilities to abstract the capabilities provided by various resources, establish a unified mechanism, and achieve business-based orchestration capabilities.
 
4. Automatic Measurement of IT Service Levels. According to the ITIL (Information Technology Infrastructure Library) specifications, data center IT service departments use Service Level Management (SLA) to ensure service effectiveness, establishing a service health level monitoring system to guarantee that services meet the specified health level grades. Even if a service fails, it can help correctly analyze the cause, aiding the IT service department in making correct response decisions.

Essential Elements of Comprehensive Security Control Policies:

1. Configuration Compliance Check

Data centers are large-scale, with numerous devices and systems. A problem administrators frequently face is the standardization and security of configurations across a large number of repetitive devices. As various audit systems increase in level and frequency, traditional audit methods relying on manual checks for device standardization are not only inefficient but also prone to omissions, making them unable to adapt to the security control needs of cloud-era data centers. It’s often said that security is “30% technology, 70% management.” To handle that “70% management,” iMC’s configuration compliance check comes with built-in common policies, such as NSA routing security recommendations, PCI, Syslog functions, and advanced device security recommendations, to meet users’ daily inspection management needs. Users can customize compliance policies to perform configuration checks on network devices. A compliance policy includes one or more check rules, with a rule being divided into different types such as configuration files, interfaces, links, aggregate links, configuration snippets, and scripts, containing information like supported vendors, device series, source of check content, and rule content. Users can create check tasks to verify whether devices comply with compliance policies; the check task includes information like the compliance policies to be checked and the devices involved. After the check task is completed, information about device non-compliance can be viewed through reports. For non-compliant devices, users can create violation remediation tasks to fix them, promptly resolving configuration issues that arise in the data center environment, improving security levels and compliance with various laws and regulations.

2. Device Operation Audit

Device resources are the fundamental resources of a data center, and the security of device management is also an important part of information security. Unlike configuration compliance checks, iMC’s device operation audit starts by verifying the identity and permissions of administrators logging into devices. Based on rules set by the enterprise, it reasonably allocates device access permissions, i.e., specifying which devices management users can access, what commands they can execute, what operations they can complete, and recording detailed operational behavior information of device administrators. This facilitates future historical backtracking and fault judgment and analysis. iMC’s device operation audit is implemented via the TACACS+ protocol, providing access context-based control policies, unified monitoring of device administrators’ logins and command-line operations execution, supporting devices from mainstream vendors, simplifying the process for operators to refine permissions for device administrators, and bringing convenience to management.

Characteristics of an Open IT Management Architecture:

<

Leave a Comment

Your email address will not be published.