Converging network with HP FlexFabric and FlexManagement

This week, we shine the spotlight on network convergence and management in the FlexNetwork portfolio, specifically the HP Virtual Connect FlexFabric modules and the Intelligent Management Center (IMC) software. Networking is generally not my forte, so some of this is a stretch for me, but I use and understand Virtual Connect. FlexFabric is an implementation of Virtual Connect, while IMC has been branded as FlexManagement in the portfolio and is used to encompass management for all of the FlexNetwork portfolio.

Some Basics on Virtual Connect

FlexFabric is a particular type of Virtual Connect module and fits into the FlexNetwork portfolio.  Virtual Connect attempts to address many problems, but primarily it is about reducing the amount of physical wiring and switch ports required to cable a blade system, about reducing human-caused errors due to complex cabling, and about adding the ability to pre-wire the entire enclosure for life and pre-allocate all Ethernet and SAN requirements during first install.

The major selling point of Virtual Connect is the ability to virtualize the network MAC addresses and the Fiber Channel worldwide names/ID (WWID). Virtual Connect allows server profiles to be built and assigned to blade hardware, and then provides the ability to move a profile from physical blade to physical blade without the need for reconfiguration. The virtualized WWID and MAC addresses are used instead of the physically assigned addresses that are provided by the manufacturer.

When first introduced, Virtual Connect (VC) existed as separate Ethernet and Fiber Channel modules. Installed in pairs, each VC module is physically “wired” through a mid-plane to specific blade server ports. Both the Ethernet and Fiber Channel pairs share a 10Gb “cross connect” connection on the backplane, which allows each pair of modules to talk to each other and pass traffic to uplinks from each blade port, even if the uplink is on the other module. The cross connects also allow for rerouting traffic to the other interconnect bay should an upstream network switch lose connection or become isolated.

Incremental Advancements

The first enhancement for Virtual Connect came with the introduction of Flex-10 technology in 2009, which took a 10Gb network interface on the motherboard and split it into 4 FlexNICs, which are LAN on Motherboard (LOM) interfaces, and allowed a fixed amount of bandwidth to be set per FlexNIC. Each interface is presented to the operating system on the blade as a separate NIC.

Covered in the call last week, the newest innovation in Virtual Connect technology is the ability to condense both Fiber Channel and Ethernet onto a single set of interconnect modules, known as FlexFabric modules. FlexFabric allows the FlexNICs to present either 3 NICs and 1 FCoE (Fiber Channel over Ethernet) converged port to a server or 4 NICs (like the previous Flex-10), depending on server need. The FlexFabric module removes the need for separate Fiber Channel adapters in a mezzanine slot on a blade and instead uses a Fiber Channel over Ethernet converged LOM. From the FlexFabric interconnect module, Fiber Channel uplinks are sent to the Fiber Channel switches and the traditional Ethernet uplinks are sent to network switches. As the name implies, the ports are flexible and each of the SFP ports is capable of running Ethernet or Fiber Channel uplinks.

With any new technology, practices for security and monitoring must change and adapt to the innovation. In general, security integration appears to be an afterthought in many cutting-edge enhancements; take VMware, for example. VMware is the most common example when we think of virtualization technology, but when virtual switching was first implemented, there was no way to view inter-VM traffic that never left the host. In many cases, administrators were faced with a black box, making it impossible to monitor, inspect or halt malicious traffic.

With Virtual Connect, some of the same issues apply, but HP has offered at least one solution to administrators and security officers. HP’s Virtual Connect technology does allow for a network mirror port which can replicate all traffic out for inspection, so even traffic that never leaves the enclosure, thanks to the way Virtual Connect is implemented, can be inspected and alarms raised accordingly. It may not be as good as an in-line security solution that can actively block malicious traffic, but at least administrators can gain visibility.

A More Intelligent Way to Manage Network Infrastructure

As part of our call last week, we were also shown HP’s Intelligent Management Center, or IMC. This is control and monitoring software for heterogeneous switches and routers in the datacenter, all from a single, common interface. IMC is an impressive offering from HP, which gives network administrators a single interface to learn in order to provision all of their switches. With a hardware compatibility list of over 5,000 devices, IMC is a capable platform to control your HP, Cisco and other vendors’ network gear.

IMC addresses the problem of swivel chair management where administrators must monitor multiple, vendor-provided management products for each different vendor or product line represented in your datacenter.  But even for a company that has standardized on non-HP network gear, IMC is a powerful interface that can be put to work for them for more than just monitoring and management.

IMC has modules that can be added in. One is for user access management (UAM), which can centralize user accounts with a full-featured RADIUS server that can be used for 802.1X, VPN, and wireless authentication. In addition, the UAM module adds features to lock down and secure corporate devices by preventing IP and user account spoofing and preventing address conflicts. The same package can also be used to lock down corporate PCs to prevent use of USB and external storage devices. Another module that plugs into IMC is the Endpoint Admission Defense tools, which can be used to apply policy control to clients and ensure that devices on the network are safe for the network, patched and have up-to-date antivirus definitions.

IMC provides a great view into virtualized networking (as in VMware) and can monitor the virtualized networking to a very granular level. It exposes what has been a black box of virtual networking using vendor-provided APIs. At present, IMC supports VMware and Hyper-V but will grow to include XenServer and KVM in 2012, if things go as planned.

Recap

All in all, the entire series for the Blogger Reality Show has focused on ways to converge infrastructure for simplicity and ease of management. Each of the HP offerings approaches convergence on different sections of the IT puzzle. In HP’s product line, we have seen the basic building blocks of convergence with servers and the BladeSystem, we have seen converged storage solutions built on x86 hardware, we have seen these solutions built into larger solutions for virtualization and cloud, and finally we have investigated the solutions HP has to converge and manage networking.

The Reality Show has been a very cool thing to take part in. From a blogging perspective, it has been very cool to get judges’ feedback and to learn and stretch myself by trying new ways to promote the blog and posts. The winner will be named next week at VMworld and I’ll try to post an expanded post about the contest after we wrap next week. So, now it is your turn again… Vote and comment.

This is the third and final post for Thomas Jones’ Blogger Reality Show sponsored by HP and Ivy Worldwide. I ask that readers be as engaged and responsive as possible during this contest. I would like to see the comments and conversations that these entries spark, tweets and retweets if it interests you, and I also request that you vote for this entry using the thumbs up/thumbs down at the top of this page. As I said earlier, our readers play a large part in scoring, so participate in my blog and all the others!


4 Responses to “Converging network with HP FlexFabric and FlexManagement”

  1. Will the Fiber Channel over Ethernet really be able to perform as well as standard Fiber Channel?

    August 22, 2011 at 2:25 pm Reply
    • Philip #

      Great question Jamie. A lot of what we are seeing with FCoE and iSCSI is thanks to 10Gb Ethernet. 16Gb Fiber Channel is available as of earlier this year and Brocade is already working on 32Gb Fiber Channel technology. Ethernet is continuing to develop – with 40Gb and 100Gb Ethernet standards already ratified. I don’t think these have trickled down to datacenter grade network gear – more for core applications, I believe (could be wrong). So speed-wise, it’s changing. There is some overhead in encapsulating FC on Ethernet, but it’s small (around 2% from what I read). So, most agree Ethernet is actually faster and more efficient — but the primary reason for convergence is so that a single network transport can carry both types of traffic. That’s the big push, but again, GREAT question!

      August 22, 2011 at 10:30 pm Reply
  2. inthenet #

    The IMC does seem pretty impressive, but I am very curious as to how the UAM module can lock down USB ports on corporate PCs. Are you saying this could happen regardless of OS type?

    August 24, 2011 at 1:22 pm Reply
    • Philip #

      I do not have all the answers there. I will try and find out and follow up, but I will wager my opinion. I believe this is accomplished using an agent on the client PC which is used to check for things like up-to-date antivirus, the correct (required) Windows updates and other security patches before allowing the PC onto the network. I believe the same agent can be used to limit use of the USB and CD media.

      August 24, 2011 at 1:59 pm Reply
