Episode #329: Introduction to Virtualization Infrastructure Design

Captions
Hello again. As you know, I'm Eli the Computer Guy, and this is Episode 328, Introduction to Virtualization Infrastructure Design. As I talk about in the real world, the problem that I have with new technicians, and the big problem that new technicians have, is that although they understand how to do the configuration settings for technology like virtualization, they don't really understand why they are using it or what they are supposed to do. So this is not going to be a technical episode. I'm not going to be opening up any control panels, but we will be going over to the whiteboard so I can talk about how you design your virtual infrastructure and why you would do it.

Back in the old days, oh, ten years ago, whenever we would build out server rooms or build out infrastructure, every single server was connected directly to the hardware. So if we wanted an Active Directory server, we had a physical Active Directory server; if we wanted an email server, we had a physical email server; if we wanted some other type of server, we would have a physical server. So when you would walk into a server room, many times you would see anywhere between 3 to 10 servers all doing their own thing, and that is how we would build server rooms. It was very good for the time; it worked very well. But now that we have virtualization technology, it's not as good as it used to be. We can buy far less hardware and have much more secure, robust systems than we could before. Before, if we wanted 10 servers, that meant we actually had to have 10 physical boxes, 10 physical servers, in that server room. Now if we want 10 servers, we may actually be able to put all ten of those onto one physical box. That means that we can save money, it's easier to configure, you don't need as much physical room for storage, so on and so forth. If we use type 1 hypervisors with high availability, we can connect multiple physical servers and then have instances of the operating systems be able to balance around on those physical servers at will.

So with these new types of technology we can do things nowadays that we could not do in the past, that can make our systems more reliable, more secure, and less expensive. And remember, the less our clients spend on the hardware, the more they can pay us to configure the hardware. So in this episode we're just going to be talking about how we build out this infrastructure and the reasons for why we do it. So let's go over to the whiteboard so I can explain some of these things to you.

Talking about virtualization right now, basically we are going to be talking about type 1 hypervisors. When we're talking about type 1 hypervisors, we're talking about bare-metal hypervisors. This is not VirtualBox, this is not Virtual PC; these are things like ESXi or XenServer. Basically what happens is you have a box, you install ESXi or XenServer onto that box, and then you install the instances of your operating system directly onto ESXi or XenServer. There's no Windows here, there's no Linux as you would know it, there's no Unix as you would know it. A type 1 hypervisor is a kind of operating system, but all it is used for is to control these instances of virtual operating systems. We did the episode on type 1 hypervisors. Basically, how this is controlled is you have another computer somewhere else that is called the manager computer or the management computer. In VMware you use something called vSphere; this connects to the type 1 hypervisor server to actually control all of these different instances of operating systems.

So when we look at this, the first reason that we may think of using type 1 hypervisors and building out a virtual infrastructure is simply so that we can have a number of different operating systems running on one single piece of hardware. Now you may be asking why. Why would we want numerous different instances of operating systems running on one piece of hardware? Well, if you know anything about security, if you know what to worry about with hackers, what you realize is that the more capabilities a server has, the more vulnerable the server is. So no matter what server software you're using, whether you're using Active Directory or FTP or VPN or Apache web server, all of those provide specific functions, but they also have specific vulnerabilities. The problem is, if you have one box over here that has both Active Directory and IIS, which is Windows Internet Information Services, and let's say it does some kind of FTP, the problem with this design, if this is all sitting on one box, is if somebody can compromise the IIS server. The IIS server is a web server, so www; somebody comes in from the Internet cloud, they're able to get into the IIS server, they're able to compromise that somehow. Well, once they've compromised that IIS server, they can now attack your Active Directory, they can now attack your FTP, they can now attack any other services or anything else going on in the server, because it's all in one box. If they compromised the Active Directory, they also compromised the IIS; if they compromised the FTP, they also compromised the Active Directory. So since all of this is on one single box, it has all this functionality, but it also has all this vulnerability. So remember that whenever you're dealing with servers, the more functionality the server has, the more vulnerable the server is.

So the reason that you would want numerous instances of operating systems on a piece of hardware is because that means one instance can be an Active Directory server, one instance can be an IIS server, and the last instance can be an FTP server. You can now divide these out and have these services running as their own individual servers on the same hardware. So if a hacker gets in and compromises the IIS server, the Active Directory server is still cocooned within its own virtual machine, and so it can't easily be hacked from the IIS server. Same with the FTP. So the reason you divide these out into their own instances of operating systems is to secure them. The less each individual server does functionally, the less vulnerable it is, which then protects your overall system. Again, if you have all this stuff built on one box, one server, one thing gets compromised and it takes everything else down. By having these individual instances, one, you limit the overall number of vulnerabilities, and then even if a hacker gets into it, well then it only compromises that one instance of an operating system; it doesn't compromise everything else. So that's the first reason you do this. With this one piece of hardware, you can make this, I don't know, literally have 20 gigs of RAM, which would be more than enough to run all this, and this one little box is only going to cost you like $1,500. So for $1,500 you can get one piece of hardware, you can put on some virtualization software, blah blah blah, and you have a nice little robust system here. So that's why you would do it from a security standpoint.

Now, from a robustness standpoint, what you can do is you can then connect numerous physical servers and have them managed with vSphere or ESXi so that these instances of operating systems can be migrated at will or migrated automatically. So let's say that the power supply in this particular server fails. Well, with virtualization, what can happen is if the power supply fails, these servers will automatically be moved to a different physical server, and everything stays running, and many times the end users don't even realize it happened. Before, remember when we're talking about those 10 servers all sitting in a rack, if the power supply for the Active Directory server failed, Active Directory failed for the business; it was down. Well now, since we can cluster these servers in this whole virtualized environment, if the first server, if the power supply, again, physically fails, it can simply migrate the instance of the Active Directory server to one of the other pieces of hardware in the cluster, and then it keeps running.

Not only that, but depending on what management software you are using, you can use this to migrate servers as resource load increases. Businesses nowadays, you know, we all keep talking about the cost of energy; electricity bills keep going up and up and up. Well, these servers, especially 1U servers or powerful servers, eat up a lot of energy. One of these servers may eat up to 500 dollars of electricity per year. If you have 10 servers in a rack, that's five thousand dollars in electricity alone. Right now, as you know, most of the servers, the operating systems, don't need the full utilization of the hardware all of the time. So when people come in in the morning and they start logging into the Active Directory server, that spikes the resource requirements that Active Directory server needs for a short amount of time, and then it goes down again. So this Active Directory server, for about half an hour every morning, may need five gigs of RAM; for 23 and a half hours every day it needs one gig of RAM. Well, what you can do with the management software is you can actually have these other pieces of hardware powered down or in a hibernate state so they don't burn up electricity. As soon as one of your servers starts needing more resources than the physical piece of hardware it's currently on can cope with, this instance will automatically be migrated to another piece of hardware. So this piece of hardware will actually be turned on automatically, and the Active Directory server will be migrated to it automatically. It will go along for 30 minutes or 40 minutes or an hour until the resource requirements go back down to where it can manage on the first piece of hardware, and then it will automatically migrate back, and this server will be powered off and shut down.

So again, as I tell you guys, the entire brand of Eli the Computer Guy: I am NOT simply trying to teach you technology from the standpoint of a consumer or prosumer. You are supposed to be IT professionals. IT professionals have to worry about more than simply what antivirus to buy or even what hypervisor to use. You guys have to think about things like power consumption. So $5,000 a year, that's a decent amount of money, and that's for like 10 servers. What if you have 20 servers or 100 servers? If you have a hundred servers running 24 hours a day, that could be $50,000 a year. By simply using some of this virtualization technology, you know, for twenty-five thousand dollars in software licenses for this virtualization technology, you could have a return on investment; you could make all your money back within six months. So that's one of the things to think about with it.

So when we're dealing with virtualization, the first reason we divide everything off into instances is for the security component, and then why we use these type 1 hypervisors is for the robustness: if one physical piece of hardware fails, everything just gets migrated to the other piece of hardware. One of the last things we need to be thinking about in this whole virtual infrastructure environment is that, again, as we start going to cloud computing, what we are trying to do is separate all of the computing functions away from the hardware. Back in the old days, if you had a file server, that file server ran the operating system and stored the data and all of that; again, if the power supply failed, everything failed. Well, the idea with virtualization is we're trying to separate all these things out, for security and for robustness. One of the ways that this is done now, especially with XenServer (XenServer is by Citrix), is when you set this up, your instances of the operating system actually run on these different pieces of hardware, but the data is stored over here, generally in something called a SAN, a storage area network.

So when we've been talking about virtualization here, we've been talking about instances of the operating system, virtualizing the operating system. Well, with a SAN, what a SAN does, a storage area network, is it sends data over numerous pieces of hardware that are used for storage. Think of SANs much like RAID, redundant array of inexpensive disks; you know how you do redundancy in a single computer for your hard drives, only you're using entire physical boxes. So these are individual computers that are set up in a SAN; the data is automatically migrated and made redundant through all these different servers. So if one entire server fails, you still have all of your data; depending on how the SAN is set up, maybe if two entire servers fail, you still have all your data. So SANs are clusters of servers that just store data. What we can do now is these instances of the operating system, through the hypervisors, connect to the SAN using something called iSCSI. That's its own class; we'll talk about it later. Basically this is a protocol for being able to send data over networks, but what makes it special is you can actually mount the drives in the SAN. So as far as these instances of the operating system are concerned, their hard drives are actually here on the SAN. With this we now have the complete redundancy of all the data, and we have the redundancy and the security and the reliability of all these instances of operating systems. So now, with a little bit of planning and a lot of work to set this up, we have a very robust system. Our data is stored on a SAN, which is multiple pieces of hardware that store the data; if one fails, it stays up; if two fail, it stays up, depending on how it's set up. You know, two, three, four, five, six; you may have a SAN that has two servers in it or ten, it all depends, but that's completely redundant. Then we have the virtualized type 1 hypervisors; they are redundant, they can move the instances of these operating systems around at will, and it's all very good. So basically with this virtualized environment we can have numerous different instances of the operating system that can all be secure, blah-blah-blah.

Now the final thing with how we set up these virtual servers is, again, remember: the less a single server does, the less vulnerable it is; the more stuff that is on a single server, the more vulnerable it is. Like how we talked about when we had this one server with Active Directory and IIS and FTP: somebody compromises the IIS, the Active Directory goes down. Well, one of the issues too when you have servers like this, where everything is on one server, is things like the firewall. Instead of having a couple of ports open to the outside world so the server can communicate, you have to have the ports open for all these different network services. The more ports you have open on a server, obviously, the more vulnerable it is. When you start dealing with the enterprise environment, you want your servers to be as secure as possible. So when we talk about separating out the services onto different operating systems, the reason we do that is because, let's say we have a web server, and that web server is connected to the Internet. So we have our router, and then under it we have our web server. Normally when you're thinking about this web server, you're thinking it's going to have Apache on it, you think it's going to have MySQL on it, you think it's going to store data, so on and so forth. But again, the problem with this is, if somebody can do a SQL injection properly, they can compromise the server and everything else on it. If they can get in there and screw with your Apache, screw with the data, they can compromise this entire server.

So what they do in a layered network is they would install Apache on this server; actually, they would install apache2. So whenever anybody comes from the outside world, they would get to the server, and Apache 2 would be installed on it. Then, if you're dealing with a website that connects to a database, you would actually build an entirely different server. So in this instance we would create an instance of a server that just had the MySQL database. You would then connect through your web program to the MySQL database on this server. But the thing is, with a server we can now shut down all the ports we don't need, so we can only open the ports that we need for MySQL to talk to the web server, and on those ports, on the local firewall, we can also say that we will only talk to this web server. So if somebody tries to come in and tries to hack and tries to connect to the MySQL server, we've set up the firewall so it will only talk to the web server. If you come from the outside world and come to the web server, the web server wants to run a query, so it goes down to the MySQL server for the information; the MySQL server responds back to the Apache server, and the Apache server then sends it back out to the user on the Internet. If somebody tries to come in and compromise the local area network, if they try to get to the MySQL server from the local area network, that connection will fail, because the firewall is configured to only talk to the web server. The same can be said for your FTP server: if you have a file server, all the data would be stored on the file server; the Apache server asks for the data, and when it gets it back it then sends it up to the web and whoever's using it. So this is one of the ways that you can secure your network; again, it makes it more robust, more stable, so on and so forth. What you have to remember is the less your server does, the less vulnerable it is; the more your server does, the more vulnerable it is, and it's almost exponential. It's not simply that if you have one vulnerability because you have Apache on the server and then you put MySQL on it, that means your level of vulnerability is two; it's more like the level of vulnerability is three or four or five. The more stuff you put on the server, it exponentially gets more vulnerable, and therefore people can attack it. So this is why it's great to have these instances of operating systems on a hypervisor, because I can just have one hypervisor here, and I can have my web server here, and I can have my MySQL server here, and I can have my FTP server here. I can set up the firewalls to communicate between all these, and again, if somebody compromises the web server, MySQL is still okay, FTP is still okay; if somebody compromises the FTP, everything else is still okay. This is how it works; this is why it makes it much, much more secure, better, ba-ba-ba-ba-ba. I think maybe that will be my explanation in the future: whenever anything gets too complicated to explain to you guys, I'll just be like, bah bah bah bah bah, don't you understand, blah, it's a blah. But this is cool, this is really great. Again, for a lot of you new guys, you probably don't realize how awesome this is.

One of the nice parts with this too is, remember how we've gotten used to buying servers: whenever we bought a server from Dell or HP or Lenovo, it always had the operating system installed, right? Well, that operating system, a server operating system, will cost you an additional five hundred to a thousand dollars. So if you buy servers without the operating system, each individual piece of hardware is a lot less expensive. So again, with how this works now, it can be a lot less expensive than you may realize. You can buy a very nice piece of server hardware for only $1,500; you install ESXi on it, depending on what licensing you use it may even be free; and with that you can move these instances of operating systems around, you can create instances of operating systems on that one piece of hardware. So you could have one piece of hardware, use ESXi, create a 2008 Active Directory server in an instance, an Ubuntu web server on an instance, and an FTP server on an instance, and they are all secure in their own world. Before, you would have had to buy three physical pieces of hardware, so it may have cost you $5,000. Now, since you only have to buy one physical piece of hardware and the operating system license, it's going to cost you $2,500. So these are the things that you should be thinking about. Again, any IT guy, any IT professional, as I've talked about in the past, you guys need to start learning Linux, you guys need to start deploying virtualization. With IT people we still have this idea that every piece of hardware needs its own operating system, so that's how a lot of times we still function, but we need to start thinking about this virtualized world where you have the hardware, and then you have all the instances of the operating system going in, doing all their different stuff. You also do need to start learning about SAN, storage area network, things like FreeNAS, for being able to store data on the network, because again this is going to be a more and more and more important technology that, if you deploy it properly, your clients are going to be happy, your end users are going to be happy, and you're going to have a lot less work to do. So those are some of the things you should be thinking about.

So as you know, I'm Eli the Computer Guy. This was Episode 328, Introduction to Virtualization Infrastructure Design. You guys need to start thinking about this infrastructure design and virtualization, because this really does change the game. When you see these commercials they have every once in a while, where the boss comes in, and where he used to have a big server room with a thousand servers, he walks in and now there's like one computer sitting in a corner that does everything. That is what we're getting to in the virtualized world. Some of these servers that you can build for even ten thousand dollars can have over 200 gigs of RAM with massive solid-state hard drives. One of those $10,000 servers could host 20 or 30 instances of operating systems and have them run really, really well, and it'll be more secure, more robust, so on and so forth. So I enjoyed taping this episode and look forward to seeing you in the next one.
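The local firewall rule the episode describes for the separate MySQL instance (only the web server may reach the database port, everything else inbound is dropped) written out as an nftables ruleset. This is an added example, not material from the video; the web server address 10.0.0.10 and the use of nftables are assumptions, and the MySQL port is the default 3306.

```shell
#!/bin/sh
# Constructed example: host firewall for the MySQL-only VM from the episode.
# Policy: drop all inbound, allow replies to our own connections, and accept
# new TCP connections on the MySQL port only from the Apache VM.
WEB_SERVER_IP="${WEB_SERVER_IP:-10.0.0.10}"   # assumed address of the web server VM
MYSQL_PORT="${MYSQL_PORT:-3306}"               # MySQL default listener port

# Print the ruleset text. On the MySQL VM it would be loaded with:  nft -f -
gen_mysql_ruleset() {
  web_ip="$1"; port="$2"
  cat <<EOF
flush ruleset
table inet mysql_host {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    ct state invalid drop
    ip saddr $web_ip tcp dport $port ct state new accept
    icmp type echo-request limit rate 5/second accept
    log prefix "mysql-host-drop: " drop
  }
}
EOF
}

# Self-check before loading: default policy must be drop, the MySQL port must be
# accepted only with the web server as source, and no other accept touches it.
ruleset_ok() {
  rs="$(gen_mysql_ruleset "$1" "$2")"
  printf '%s\n' "$rs" | grep -q 'policy drop' || return 1
  printf '%s\n' "$rs" | grep -q "ip saddr $1 tcp dport $2" || return 1
  printf '%s\n' "$rs" | grep "tcp dport $2" | grep -v "ip saddr $1" | grep -q accept && return 1
  return 0
}

gen_mysql_ruleset "$WEB_SERVER_IP" "$MYSQL_PORT"
```

The same shape, with the file server's port and the web server as the only permitted source, covers the FTP/file server instance; the final logging drop rule is what lets you see attempts from elsewhere on the LAN.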
Info
Channel: Eli the Computer Guy
Views: 89,120
Rating: 4.9445629 out of 5
Keywords: Eli, the, Computer, Guy, type 1 hypervisor, san, storage area network, virtualization, virtual computer
Id: Kiftbm1L_eQ
Length: 25min 35sec (1535 seconds)
Published: Wed Nov 07 2012