Huawei Helps a University Supercomputing Cloud Computing Center Solution
chrispeng [ad_1]
1. Customer background
A university’s cloud computing industrial park relies on the school’s scientific research strength, integrates the school’s subject resources, builds a technology development platform, and guides scientific research resources to tilt towards big data applications. The business scope of cloud computing industrial park operations covers cloud computing, supercomputing, spatial information, mobile The Internet and other fields will provide a wide range of data and infrastructure services for government departments and corporate users.
Among them, the cloud computing center relies on high-speed Internet access and large-scale network interconnection, adopts the latest cloud computing technology, and relies on the powerful infrastructure of the supercomputing center to provide front-end and back-end integration support for the release, hosting and cloud service support of cloud applications. , through the virtualization and flexible scheduling of computer hardware resources, provide elastic cloud computing services for enterprises and institutions, and customize solutions and service models according to the individual needs of different users. The computing power of the supercomputing center is as high as 1,170 trillion times per second, making it the largest supercomputing center in a certain region, second only to the Shanghai Supercomputing Center among regional supercomputing centers in the country. It provides fast and high-quality computing services for users in manufacturing, biopharmaceuticals, animation and video rendering, and high-resolution remote sensing applications. The Spatial Information Center will provide data services, data processing, consulting reports and solutions for fields related to the national economy and people’s livelihood, such as modern agriculture, disaster prevention and mitigation, resources and environment, public safety, and refined urban management. With the help of the one-stop operation support system, the mobile Internet enables developers and industry users to obtain the operation support of mobile applications, so as to achieve the goals of precise marketing of e-commerce and aggregation, analysis and service of mobile government affairs and business information. At the same time, the cloud computing industrial park also has national-level data infrastructure to provide a high-strength network security environment. The security facilities meet the five-level national information security level protection standard, and can provide a professional network security, information security and data security guarantee system. , and provide a full range of infrastructure services, which can realize hosting, hosting and bandwidth leasing services.
2. Solutions
The scheme is constructed in accordance with the architectural principle of “one cloud data center, multiple business cluster resources reuse”, and the infrastructure resources are designed in a unified manner, and the data center is designed in accordance with the green modular architecture. The first phase of the project plans to build a unified cloud computing platform, data center network, storage and other parts.
The core design ideas of the overall plan are: “integration”, “layering” and “partitioning”:
Convergence: In order to simplify operation and maintenance, and truly realize the unified, efficient and flexible use of IT infrastructure resources of supercomputing and cloud computing centers, the solution adopts the method of “one cloud management platform”, using Huawei RH2288 V2 and RH5885 servers to carry supercomputers. For computing services and cloud computing services, the entire data center can be smoothly expanded, and the physical resources and cloud computing virtual resources can be managed and scheduled flexibly in a unified manner.
Layering: On the basis of the integration of IT infrastructure, a layered architecture cloud computing service platform and supercomputing service platform are used as the support for the construction of various business applications on it. On the network, the data center network design is divided into the core layer and the access layer to realize a flat two-layer network architecture.
Partitioning: According to the isolation requirements of different business functional areas of the data center, the data center network is divided into multiple business areas, and the network logic isolation is achieved between the business areas through corresponding technologies; according to the requirements of efficient exchange of the data center network, the data center storage network It is separated from the business network to ensure that business data and stored data do not affect each other.
Using virtualization technology, the management system of the cloud platform needs to exchange a large amount of management and monitoring data with computing resources and storage resources; virtual machines need to mount the storage resources of the storage pool, and also need massive data transmission in the data center network ;At the same time, the business data of the virtual machine is also transmitted in the network. In order to better support the transmission of these three types of business data, the network is divided into three planes of management, business, and storage within the data center, and the three network planes are isolated from each other. do not affect each other.
Business plane: It is used to carry the traffic from the client to various business application systems in the data center and the traffic between cloud hosts in the data center. The business plane is further divided into different business service areas according to the needs of business categories.
Management plane: It is used to carry management data, command operation data, and maintenance and monitoring data of cloud computing systems between data center networks, servers, storage, and security devices. The management plane and the service plane share the core layer switch, and the two planes are isolated through VLANs.
Storage plane: used to carry storage traffic between computing subsystems and storage subsystems. The storage plane network is an independent isolated network, which ensures the service quality and security of the storage network.
According to the above design ideas, the internal switching network of the data center network is divided into two levels: core and access, and is divided into multiple functional areas such as external connection area, network service area, and business service area according to different network functions. At the same time, in order to better support the operation and management of cloud computing in the data center, the network is divided into three network planes: management, storage, and service.
The overall network structure proposed by this project can be divided into: outreach layer, core network area, access network area, cloud computing service area, management area, supercomputing service area, and storage area.
Program advantages:
One data center, supporting multiple business platforms;
Unified operation and maintenance of the data center: unified management and unified operation and maintenance of equipment in the data center;
Virtualization: The architecture is open and advanced, supporting high-performance CPU/memory/storage/network virtualization, QoS guarantee, high security and high stability;
Standardization: Interface standardization, supporting billing, maintenance management, equipment integration, operation support, and capability API; process standardization, supporting standard processes for IT management, maintenance management, business management, security management, and network management;
Automation: support end-to-end automatic deployment; support automatic management and maintenance; support self-service operation services;
Intelligent: support flexible resource scheduling and allocation, support flexible system and business deployment, support real-time environmental monitoring and alarm, support dynamic load balancing and energy saving;
Supercomputing center: supports multiple types of parallel tasks, supports flexible and diverse scheduling strategies, supports flexible and convenient node management, supports custom application business processes, provides a general job management and scheduling platform, high availability, and high concurrency;
SLA: Innovative, intelligent service modeling that provides high reliability SLAs for infrastructure, application performance management, workload, security, compliance and service desk management;
Network equipment: data center-level switches are used to ensure high reliability of the data center network;
High data reliability: The storage adopts high-end NAS cluster, supports multi-node load balancing, ensures high storage IO, high bandwidth, and ensures business continuity and high availability;
High security: HUAWEI CLOUD solution adopts device-pipe-cloud collaboration, from access-side security, network security, cloud platform security, data security to management security, multi-level security design, focusing on prevention, supplemented by monitoring and auditing, Comprehensive protection of data center security;
Easy to manage: provide a convenient UI management interface, with strong self-discovery, self-deployment, self-service, self-management, self-recovery, and self-optimization capabilities;
Operational: cloud computing resources can be operated, providing customer self-service and self-management;
Flexible expansion: HUAWEI CLOUD’s system capabilities support ultra-large-scale user capacity requirements and fully meet the development needs of future cloud data centers. Follow-up to achieve elastic expansion and on-demand expansion according to business needs, without affecting the continuity of existing business;
Efficient maintenance capability: The system supports efficient problem location capability and shortens the problem recovery time;
Network plane isolation: In the data center, the network is divided into three planes: management, service, and storage. The three network planes are isolated from each other and do not affect each other.
High network reliability: All network devices are clustered or stacked, all network links are redundant or load-sharing, and storage is accessed in multi-path mode to ensure high availability of network links;
Openness: Provide open APIs for docking with third-party systems;
High deliverability: Huawei has experience delivering large-scale batch projects and can help enterprises quickly deploy cloud services, supercomputing, and data center solutions;
Cost-effectiveness and performance: Dynamic computing capacity adjustment, monitoring and scaling of applications according to management strategies, reducing maintenance costs, saving energy and reducing emissions;
Customized development: Completely independent knowledge products, mastering core technologies, strong customized development capabilities, and can quickly respond to customer needs.
Topology Description:
Outreach layer
The external connection layer is mainly used for interconnecting the data center with multiple Internet operators and private networks, providing high-speed interconnection export links for the data center, and realizing the intercommunication between the data center and the Internet and private networks. The egress router is connected to multiple operator networks and private network networks through operator links to improve link reliability and protection. At the same time, a high-end firewall is deployed at this layer. It is recommended that the firewall also have the traffic cleaning function, which can provide protection when the data center is subjected to DDoS attacks, and provide the first layer of security protection for the data center as a whole.
core network area
The core network layer is a bridge hub connecting all regions of the entire data center, and is responsible for the forwarding of internal data traffic and external data traffic.
Since this project is cloud computing and supercomputing, the core network equipment must support the IETF standard protocol TRILL (Transparent Interconnection of Lots of Links), support 10GE core switching networking; build a super large-scale Layer 2 network with more than 500 nodes, It supports flexible deployment of user services and large-scale migration of cloud computing virtual machines.
Due to the large layer 2 network structure, this area is the gateway node of each application service, and is the exchange node inside and outside each service data. The deployment of security detection, analysis, and protection equipment in this area has natural advantages, which play a second role for each service application. layer of security protection.
Operation and maintenance area
Most of the security devices are deployed in this area, such as remote security access, vulnerability scanning, intrusion detection, auditing systems, etc., to provide security detection, analysis, protection and remote security access functions for the entire network.
access network area
The access network area provides network access services for various devices, and various devices provide a large number of network interfaces through the access network devices for data communication. The access network equipment and the core network equipment are interconnected through a link with a certain convergence ratio, providing a wider range of data exchange services for computing, storage and other equipment.
Cloud computing business area
The cloud computing business area uses Huawei RH2288 V2 and RH5885 servers. This area uses the FusionSphere cloud (virtualization) technology to pool resources to form a computing resource pool.
Virtualization hosts generated on demand by cloud computing resource pools. Cloud hosts can work like traditional hosts, with higher elastic resource usage, expansion, migration, and more flexible configuration and rapid deployment capabilities.
Management area
The management area includes two parts: operation and maintenance management and security management. The two parts of the management area are separated by VLANs and communicate with each other at three layers.
The main responsibility of the operation and maintenance management area is to monitor the data center including routers, switches, firewalls, servers, storage,cloud computingresources, as well as various application software and other systems for unified management and monitoring. The operation and maintenance management area deploys operation and maintenance equipment such as servers, control hosts, and operation and maintenance clients related to operation and maintenance management and monitoring, as well as the unified operation and maintenance management software of ManageOne; connects, operates, and manages all hosts, servers, and networks in the data center. Devices, storage devices and other consoles, monitoring machines, etc.
The main responsibility of the security management area is to uniformly manage and monitor the network, host, system, cloud computing resources and applications within the data center. The security management area deploys the servers and systems of the security management system, such as the patch distribution system, the network antivirus system, the webpage anti-tampering system, the host protection system, and the monitoring console of the security equipment. Realize the management and maintenance of network, security, equipment, system, application, data, etc.
Supercomputing area (not currently under construction)
Provide computing resources for the supercomputing service platform in the form of physical infrastructure, use multiple 10GE fibers to the CE12800 core switching area, and incorporate management into the data unified management platform ManageOne.
storage area
The storage resources of the data center mainly include DSware distributed storage resource pool and NAS storage. DSware distributed storage resource pool and NAS storage mainly provide storage resources for business applications and data backup within the data center.
The DSware distributed storage resource pool uses the storage network plane inside the data center to transmit storage data. The network storage plane is physically isolated from the service plane to ensure the quality of storage data transmission. NAS storage uses the service plane network inside the data center to transmit storage data, and provides storage resources to the internal servers of the data center through CIFS and NFS standard protocols.
3. Customer value
The completion of a university supercomputing cloud computing center will play a driving and leading role in the construction of scientific and technological infrastructure, the cultivation of strategic emerging industries, and the development of high-tech industrial clusters in Liaoning and Shenyang, and will help Shenyang build an experimental zone for “integration of industrialization and industrialization” and take the Contribute to the new industrialization path that informatization drives industrialization.
[ad_2]
