解决了

网络和存储分离

n
徽章 +9
大家好,

我目前的客户使我正在研究设计,该设计意味着要部署具有大量安全性内部安全性的XAA板块(NSX在库克列表上)。在我们的团队中,我被宣布为Nutanix男子。

我的任务是确定隔离零件工作负载的最佳方法:
  • 我们将拥有一个集成区,开发需求和生产区为PAAS。
  • 一些节点将执行重型VDI(K2图形卡将实现这一目标),
  • 然后,我们将与vCloud SP一起使用Sandbox区域)。
因此,我们可以想象某种多群集,其中3个专用于3个区域的集群:3D VDI区域 /沙盒IaaS区域 /和PAAS区域。它意味着至少9个节点,对于启动板形式来说太多了。

我的问题是,我可以为Nutanix /存储点制作一个6个节点簇,所有6个节点上都有3卷池?
不仅如此,它在存储性能,数据保护,数据分离方面意味着什么(安全团队会在这部分中挑战我)?
最后但并非最不重要的一点,我可以在容器级别上实现这一目标吗?

此致,

托马斯·查尔斯
图标

最好的答案CBROWN2015年11月2日,18:51

\n
\nIf setup incorrectly (for example by not keeping the VMs on the hosts that have their SP's disks) we would lose data locality, but that's about it.
\n
\nAnd yes, Zookeeper and Cassandra will continue on as normal. Assuming 3 2-node blocks, you should keep ZKs on separate blocks but beyond that it doesn't matter too much. There's a couple of choices you can have for actual deployment:
\n
\n1) Ability to shutdown block without affecting any layer
\n
\n

<\/a><\/p>
\n
\nIn this deployment any block can fail without taking down any of the layers, but if you need to shutdown one of the layers for maintenance you need to shutdown the whole cluster
\n
\n2) Ability to shutdown application without affecting other applications:
\n
\n

<\/a><\/p>
\n
\nIn this case any application can go down without affecting the other applciations, but if they want to shutdown a block for some reason {EDIT:} an application layer needs to go down {not the whole cluster}
\n
\n
\nJust to add another wrech to the deployment, you could do an RF3 cluster with RF2 containers. In that case you can lose 2 nodes without affecting the cluster as a whole, but if both nodes failures are from 1 application that application will go down without affecting the other applications. This plus the setup from the first scenario up there give you the ability to withstand both failure scenarios. There is a small performance hit here. They also wouldn't be able to spin out the nodes into a new cluster easily here (as RF3 requires 5 nodes) which makes this a less then ideal solution.","className":"post__content__best_answer"}">

查看原件
[b] @virttom [/b],实际上是富裕的,新技术迷,欧洲武术家(或某种;))
\n
\nMy present client is making me working on a design implying to deploy a XAAS plateform with a lot of security inside (NSX is on the cook list). In our team, i was declared as the nutanix man.
\n
\nMy mission is to determine the best way to isolate storage from diffrent workload :
\n
    \n
  • we'll have an integration zone, a developpement and a production zone as PAAS. \n
  • Some node will executed heavy VDI (K2 graphic cards will achieve this), \n
  • Then we'll have a IAAS with vcloud SP for the sandbox zone).<\/ul>So we can imagine some sort of multicluster with 3 cluster dedicated to 3 zones : 3D VDI zone \/ SANDBOX IAAS zone \/ and PAAS zone. It implies at least 9 nodes which is a bit too much for starting plateform.
    \n
    \nMy question is<\/b>, can I make a 6 node cluster for nutanix \/ storage point, with 3 volumes pools on all 6 node ?
    \nand more than that what will it implies in terms of storage performance, data protection, data seggregation (security team will challenge me heavily on this part) ?
    \nLast but not least, can I achieve this at the container level ?
    \n
    \nbest regards,
    \n
    \nThomas CHARLES","quoteUsername":"NewVirtTom","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
该主题已关闭以供评论

5个答复

阿卢西亚尼
UserLevel 7
徽章 +34
感谢您的问题 - 我将吸引资源来帮助
在Twitter上关注我:https://twitter.com/angeloluciani
CBROWN
秩
UserLevel 3
徽章 +15
嘿,托马斯,

您可以使用6个节点和存储池搭配此功能。您想做以下操作:

1)创建3个存储池,每个存储池都有来自2个节点的所有磁盘。如果可能的话,请勿在同一块上使用2个节点
2)根据这三个存储池创建3个容器
3)创建3个vSphere簇,每个簇都有2个共享存储池的节点
4)使用vSphere数据存储权限来防止访问其他容器
5)如果需要外部访问数据存储,请使用容器级白名单

存储池将为数据提供物理分离,因此这两个节点是唯一可以保存实际数据的节点。元数据将正常散布在整个群集上。因为元数据(和宙斯配置)均分布在所有节点上,因此失败域将是所有3个环境(这是该节点的最大缺点与9节点配置)
\n
\nYou can accoplish this using 6 nodes and storage pools. You'd want to do the following:
\n
\n1) Create 3 storage pools, each with all the disks from 2 nodes. If possible, don't use 2 nodes on the same block
\n2) Create 3 containers based on these three storage pools
\n3) Create 3 vSphere clusters, each with the 2 nodes that share the storage pool
\n4) Use vSphere datastore permissions to prevent access to the other containers
\n5) Use container level whitelists if you need to access the datastore externally
\n
\nThe storage pool will provide physical separation for the data, so those 2 nodes are the only nodes that will hold the actual data. The Metadata will be spread out across the cluster as normal. Because metadata (and zeus config) is spread out across all nodes, the failure domain will be all 3 enviornments still (which is the biggest downside of this vs the 9-node config)","quoteUsername":"cbrown","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
n
徽章 +9
谢谢布朗先生!

我喜欢这个概念。据我所知,Nutanix不建议这样做这样的合并,所以我想有一个缺点...

您能在表现税方面告诉我更多有关此的信息吗?

我知道元数据将分布在群集中,这意味着我对此有一个很好的RF,而不利的一面是,如果一个组件在其中一个节点上失败,那么无论如何都会受到影响。

由于它不会那么复杂,因此我想它不会对这种复杂性产生税收。

策展人 /星际之门如何反应?您是否有一些可以用来帮助我的管理层决定的宪章?

非常感谢

firttom
[b] @virttom [/b],实际上是富裕的,新技术迷,欧洲武术家(或某种;))
\n
\nI like the concept. As far as I know, this is not recommended by Nutanix to do such pooling so I guess there is a downside...
\n
\nCan You tell me more on this in term of performence tax ?
\n
\nI understand that Metadata will be spread across cluster, meaning that I'll have a good RF on this with the downside that if a component has a failure on one of the node, all will be impacted no matter what.
\n
\nAs it will not be so complicated fo Zookeeper, i guess it will not generate a tax on this complexity.
\n
\nHow curator \/ stargate react ? Do you have some charter that I can use to help my management decide ?
\n
\nthanks a lot for this,
\n
\nVirttom","quoteUsername":"NewVirtTom","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
CBROWN
秩
UserLevel 3
徽章 +15
这就是这一点的光滑部分 - 如果正确设置,则不会产生性能影响。星际之门和策展人将不使用其他磁盘作为数据或复制品的目标。这确实意味着一个申请将在他人面前填写。当他们开始耗尽空间时,我会说他们应该拆下一个新的群集,而不是扩展该群集(使管理更易于管理,并且整个群集都更好)

如果设置不正确(例如,不将VM保留在具有SP磁盘的主机上),我们将失去数据局部性,但仅此而已。

是的,Zookeeper和Cassandra将继续保持正常状态。假设有3个2节点块,您应该将ZKS放在单独的块上,但除此之外,这并不重要。您可以有几个选择实际部署:

1)能够关闭块而不会影响任何层



在此部署中,任何块都可以失败而不会删除任何层,但是如果您需要关闭维护的一层,则需要关闭整个群集

2)能够关闭申请而不会影响其他应用程序的能力:



在这种情况下,任何应用程序都可以下降而不会影响其他应用程序,但是如果由于某种原因,他们想关闭一个块{edit:}应用程序层需要下降{不是整个群集}


只是为了在部署中添加另一个困难,您可以使用RF2容器进行RF3群集。在这种情况下,您可能会丢失2个节点而不会影响整个群集,但是如果两个节点失败来自1个应用程序,则应用程序会降低,而不会影响其他应用程序。此加上第一个方案中的设置,可以使您能够承受这两种故障方案。这里的表现很小。他们也将无法在这里轻松地将节点旋转到一个新的群集中(因为RF3需要5个节点),这使得它比理想的解决方案更少。
\n
\nIf setup incorrectly (for example by not keeping the VMs on the hosts that have their SP's disks) we would lose data locality, but that's about it.
\n
\nAnd yes, Zookeeper and Cassandra will continue on as normal. Assuming 3 2-node blocks, you should keep ZKs on separate blocks but beyond that it doesn't matter too much. There's a couple of choices you can have for actual deployment:
\n
\n1) Ability to shutdown block without affecting any layer
\n
\n

<\/a><\/p>
\n
\nIn this deployment any block can fail without taking down any of the layers, but if you need to shutdown one of the layers for maintenance you need to shutdown the whole cluster
\n
\n2) Ability to shutdown application without affecting other applications:
\n
\n

<\/a><\/p>
\n
\nIn this case any application can go down without affecting the other applciations, but if they want to shutdown a block for some reason {EDIT:} an application layer needs to go down {not the whole cluster}
\n
\n
\nJust to add another wrech to the deployment, you could do an RF3 cluster with RF2 containers. In that case you can lose 2 nodes without affecting the cluster as a whole, but if both nodes failures are from 1 application that application will go down without affecting the other applications. This plus the setup from the first scenario up there give you the ability to withstand both failure scenarios. There is a small performance hit here. They also wouldn't be able to spin out the nodes into a new cluster easily here (as RF3 requires 5 nodes) which makes this a less then ideal solution.","quoteUsername":"cbrown","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

n
徽章 +9
感谢您的分享!:)

我会给你回馈。

为了解释这种设计的选择,您需要了解我为构建这个Blackbox的一些违规行为:

  • 实施将分布在多个实体中,包括大规模(1000 + VM +按需IaaAs至少超过50 VM)部署。
  • 作为简化的问题(CAPEX卷和OPEX安装团队),仅在一个Dell模型上进行选择,
  • 由于我们需要某些实体的3D支持和FC子卡,因此RC730 16G将是唯一的选择(对于Nutanix)。
  • Nutanix在我的客户选择上与VSAN保持平衡。
  • 将进行测试的型号:2XE5_2680V3 CPU / 24 x 16 go ram / 4 x 400Go SSD驱动器 / 12x 1,2 to SAS 10K HDD / 2XK2卡当需要3D ...
=>这是一个很好的脂肪盒,所以我试图说服我的客户选择最酷的产品和这种短包装的小客户。

所以我的策略将是:
__________
小盒子:
带有3/4个存储池/1个vCenter和3/4集群的6/8节点
中间盒子:
{9/12带有2个簇的节点,1个用于管理的存储池/ 1用于资源的存储池和2/3个容器/ 2个vCenter(管理和资源w/ 2/3 vclusters}或
{9/12带有3/4个簇的节点,每个储存池和1个容器/2 vCenter(管理与资源W/2/3群集}
大盒子:
  • 6+节点管理 / 1 cluster / {1 sp(对于RF3+ECX支持)。可能需要2 sp,如果需要NSX edge分割} .1 vcenter 1+vcluster。
  • 6+节点资源 / 1群集 / 2/3 sp。1VCenter 2/3群集。
_____________

带有您的解释(以及储备金,因为它将在纸板上被弄清楚,也未经测试或验证),我敢打赌,某些优点和缺点表将足够公平,可以选择它们。

纯粹,
[b] @virttom [/b],实际上是富裕的,新技术迷,欧洲武术家(或某种;))
\n
\nI'll give you feed back on this.
\n
\nTo explain this choice of design, you need to understand some contraints that I have for building this blackbox :
\n
\n
    \n
  • Implementation will be spread across multiple entities, including massive (1000+ VM + on demand IAAS to little (no more than 50 VMs) deployment. \n
  • As a matter of simplification (CAPEX volume and OPEX installation team), choice was made on only one DELL model, \n
  • Since we need 3D support and FC child card for some entities, RC730 16G will be the only option (for nutanix). \n
  • Nutanix is balanced with VSAN on my client choice. \n
  • model that will be tested : 2xE5_2680v3 CPU \/ 24 x 16 Go of RAM \/ 4 x 400Go SSD drive \/ 12x 1,2 To SAS 10k HDD \/ 2xK2 card when 3D is needed...<\/ul>=> this is a good fat box so I'm trying to convice my client chosing the coolest product and this kind of short package for little client.
    \n
    \nSo my strategy will be :
    \n__________
    \nlittle BOX :<\/b>
    \n6\/8 nodes with 3\/4 storage pools \/ 1 vCenter & 3\/4 clusters
    \nmiddle BOX :<\/b>
    \n{9\/12 nodes with 2 clusters, 1 storage pool for management \/ 1 for resources and 2\/3 containers \/ 2 vCenter (management & resources w\/ 2\/3 Vclusters} OR
    \n{9\/12 nodes with 3\/4 clusters, 1 storage pool each and 1 containers \/ 2 vCenter (management & resources w\/ 2\/3 clusters}
    \nlarge BOX :<\/b>
    \n
      \n
    • 6+ nodes management \/ 1 cluster \/{1 SP (for RF3 +ECx support).Maybe 2 SP if NSX edge segmentation is needed}.1 vCenter 1+Vcluster.<\/ul>
        \n
      • 6+ nodes resources \/ 1 cluster \/ 2\/3 SP. 1vCenter 2\/3 clusters.<\/ul>_____________
        \n
        \nw\/ your explanation (and a reserve since it will be taylored on paperboard not tested nor validated), and some pros and cons table I bet it will be fair enough for their choice to be made.
        \n
        \nsheers,","quoteUsername":"NewVirtTom","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu