This story is from the category Innovation and the dossier Infrastructure services

Virtual machines for central IT

Thanks to SWITCHengines, universities will soon be able to treat virtual networks as part of their own network.

Text: Simon Leinen, published on 16.02.2016

SWITCHengines was developed first and foremost to meet the needs of researchers and teaching staff. The service offers easy access to flexible computing and storage resources for scientific work. However, it has also become clear that SWITCHengines can be useful for a university's central IT department. SWITCH is following this approach, for example, in the Virtual Private Cloud (VPC) work package of the SCALE-UP project, part of the swissuniversities P-2 cooperation project. The aim of this work package is to enhance existing infrastructures by increasing redundancy with the aid of SWITCHengines. Virtual machines can be integrated into the campus network, and internal services can be accessed easily behind the firewall. SWITCH is working with various universities of applied sciences so as to have a clear picture of real-world use cases for VPC.

Tom Schönenberger, Head of IT at FHS St. Gallen, University of Applied Sciences, is looking into the topic of georedundancy. The intention here is to ensure that university operations can continue even if there is a major disruption like a fire in the main computing centre or a lengthy power cut over a wide area. Besides operating a classic secondary computing centre at the St. Gallen University of Teacher Education, he is investigating how suitable SWITCHengines is for this purpose.

Several FHS St. Gallen servers have been replicated in SWITCHengines as a trial: a Wordpress-based IT portal, the public web server (IBM Domino) and a service monitoring tool (PRTG). These servers can be integrated transparently into the university's productive environment behind the existing load balancer.

Challenges

This work has brought to light a number of limitations as regards working in the cloud:

  1. Firewall blocking: Access to cloud instances running on other IT systems on the internal network is problematic because firewalls tend to block access from outside or from "foreign" address ranges.
  2. Load balancer as cloud service: As long as the load balancer is located at the university, this setup is not truly disaster-proof. It would be better if the load balancer itself were also a redundant cloud service.
  3. Performance fluctuations: The performance of the server instances on SWITCHengines is normally just as good as that of the servers operated in-house. However, significant fluctuations in performance can occur when the SWITCHengines infrastructure is under a heavy load.

Solution approaches

These limitations have led to the main focus of tasks in the VPC work package:

  1. VPN as a service: Virtual private network as a service (VPNaaS) must be added to the existing software-defined network (SDN) functions of SWITCHengines. This would allow an institution to work on logically isolated networks within SWITCHengines using its own IP address ranges. These networks would be connected to the campus network transparently and securely by means of a "tunnel" mechanism, which has yet to be defined.
    The OpenStack platform on which SWITCHengines is based already contains VPNaaS functionality, but its performance and stability for use by IT organisations still have to be verified. Since all Swiss universities are linked up to the SWITCHlan backbone, the powerful and proven site-to-site VPN service Optical Private Network (OPN) could be used for this purpose, although it would first have to be integrated into OpenStack/SWITCHengines. The prospects here are good because a new implementation of OPN is currently being developed, and it is based on the same type of hardware that SWITCHengines uses.
  2. LBaaS, IPv6, Anycast: The OpenStack platform already has mechanisms that can be used for the load balancer as a service (LBaaS) in SWITCHengines. There are also some interesting expansion opportunities thanks to synergies with the SWITCH backbone, such as IPv6 support or using IP Anycast and dynamic routing as an alternative to conventional load balancing. We at SWITCH will test and roll out these functions successively over the coming months.
  3. Higher performance and stability: SWITCHengines will benefit from a significant capacity upgrade in the first quarter of 2016, and we are well equipped to handle further upgrades as needed.

The possibilities SWITCHengines offers today are already enough to satisfy some of FHS St. Gallen's requirements. The work that will be done this year as part of the VPC work package will allow SWITCHengines clients to integrate the service even more effectively into their campus network. This will mean that SWITCHengines can be used to create bespoke solutions that would be hard to achieve with commercial cloud providers.

This article appeared in the SWITCH Journal March 2016.
About the author
Simon   Leinen

Simon Leinen

Before working on the IT infrastructure of several institutions at the Federal Institute of Technology in Lausanne, Simon Leinen studied IT in Berlin. He has worked at SWITCH since 1996 and is currently a Cloud Architect.

E-mail
Other articles