Eye on Blades Blog: Trends in Infrastructure
Get HP BladeSystem news, upcoming event information, technology trends, and product information to stay up to date with what is happening in the world of blades.

Customizing BladeSystem Matrix Allocation Rules Engine for Multi-tenancy Solutions

Early this week I was in a couple of halo meeting sessions with folks in our Bangalore India location, taking about "the next big thing". It reminded me that the last thing we worked on - exposing an extensible rules engine into the allocation and placement - was part of the BladeSystem Matrix 6.0 release. I wanted to talk a little about that capability today and give an example of how it can be used in deployments involving multi-tenancy.


BladeSystem Matrix Allocation and Placement Rules











Allocation and placement has always been a key function of BladeSystem Matrix.


When multi-tier service designs (represented my templates) are submitted for instantiation, it is the allocation and placement function that looks at the requirements for the service in terms of individual element specifications, desired service topology and lease period and them binds these to the available resources in the environment based on their characteristics and capacity, availability calendar, and physical topology.


In BladeSystem Matrtix 6.0, this allocation process can be customized by an extensible rules engine. Overall there are 18 different allocation rule sets that can be extended as shown in figure 1. The policy.xml file specifies which of the rule sets should be used. These are further explained the in the Insight Orchestration User Guide on page 48.


 



 
Figure 1 Extensible Rules sets




 


Mutl-tenancy Example











A very common use case I hear from customers is the desire to have a common design for a service but to have some aspects of the resource binding to be determined by the identity of the service owner.


In this scenario, we consider a provider who is servicing two competitors like Marriott and Hilton hotels but wants to put offer a common service template in the catalog. The desire is that when Marriott deploy a new instance of the service, that service instance would connect to Marriott-Corporate network segment. However, if Hilton deploy the service, then their service instance would connect to the Hilton Corporate network segment.




Figure 2. Pre-configured networks for the two competing  corporations




Setting up your Service Template











Here we show a portion of a simple single server template as an illustrative example. This is a multi-homed server with



  • 1. a connection to the corporate network. The network is named "@corporate". Later on in the rule engine we will look for the "@" sign in the name to trigger special rules processing

  • 2. a connection to an internal network private to the service "net1".



 


Figure 3 Sample Multi-tenancy configuration




 Adding the processing Rule


The rules engine is based on Drools. The rules are written expressed in Java with a Drools rule semantic wrapper. I'll give you a boiler plate wrapper to get you started below. This rule and the Java function are appended to the SubnetCheck.drl file. I'm going to show a very simple example, but can imagine that the creative community will quickly come up with some more sophisticated implementations. In figure 4, I show a simple rule. The rules processing is invoked to refine the candidate networks for allocation to the new service instance. The rule runs for each network (LogicalNetwork) specified in the template, and for each candidate network in the environment. The purpose of the rule processing is to discard candidates that "don't fit".


This snippet basically extracts the information about the subnet specification in the template (the $logicalSubnet), the candidate list of networks ($subnet) from the context ($pVO). It invokes a function customerSpecificSubnetCriteriaCheck to perform the actual processing. 


rule "CustomerSpecificSubnetCriteria"
       when
               $pVO : PolicyExecutionVO( );
               $resLst : List();
               $logicalSubnet : LogicalSubnet();
               $subnet : Subnet() from $resLst;
              eval(customerSpecificSubnetCriteriaCheck($logicalSubnet, $subnet, $pVO)); 
       then
             
              // match processing is embedded in customerSpecificSubnetCriteriaCheck
              // $pVO.match($subnet, HPIOMessage.get(HPIOBundleKey.ALLOCATION_CRITERIA_CUSTOM, "CustomerSpecificSubnetCriteriaCheck succeeded"));
end


Figure 4. Boiler plate rule example


The function code is placed in the drl file after the rule statement. Here is the snippet


function boolean customerSpecificSubnetCriteriaCheck(
                                         LogicalSubnet logicalSubnet,
                                         Subnet subnet,
                                         PolicyExecutionVO pVO) {

       AllocationEntry ae = pVO.getAllocationEntry();
      
       InfrastructureService service = ae.getInfrastructureService();

       String serviceName = service.getName();
       String owner = service.getOwner().substring(owner.lastIndexOf("\\")+1); // strip domain
       String lsName = logicalSubnet.getName();
       String psName = subnet.getName();

       System.out.println("Service: " + serviceName + " Owner: " + owner);
       System.out.println("LogicalSubnet: " + lsName + "Physical Net: " + psName);
      
       boolean match;
      
       if (lsName.beginsWith("@")) {
              String key = lsName.substring(1); // strip off @
              // March @key to networks with Id "owner-key"
              match = psName.equalsIgnoreCase(owner+"-"+key);
       } else {
              // regular network. Could include additional security checks here.
              match = true;
       }
       if (match) {
              pVO.match(subnet, HPIOMessage.get(HPIOBundleKey.ALLOCATION_CRITERIA_CUSTOM,
                                                                                  "CustomerSpecificSubnetCriteriaCheck succeeded"));
       } else {
              pVO.doesNotMatch(subnet, HPIOMessage.get(HPIOBundleKey.ALLOCATION_CRITERIA_CUSTOM,
                                                                                                      "Could not find customer specific subnet"));
       }
       System.out.println("MATCH="+match);
       return match;
}


Figure 5. Rule processing example


The function starts by getting the information on the InfrastructureService being provisioned.  This contains details of the entire template being provisioned and can be used for additional context aware processing. From this object we extract the service owner name (stripping off the windows domain), as well as the name of the service. It is also possible to extract information such as the "notes" that are specified for the service where additional information may also be encoded by the requestor.  From the LogicalNetwork object we extract the name (ie "@Corporate" or "net1") in lsName. Similarly we extract the physical network name into psName.


I've included some debug lines using System.out.println . These show up in C:\Program Files\HP\Insight Orchestration\logs\hpio.log.


The purpose of this code is to return "FALSE" if the physical network is not a match candidate for the LogicalNetwork specified in the template, otherwise return "TRUE". The rules processing logic requires that if the rule allows an element to be a selection candidate, then the function pVO.match must be invoked for that element. If the element is to be eliminated from consideration, then pVO.doesNotMatch() needs to be invoked listing a reason for the exclusion. As a matter of coding style, you can either include the calls to both these routines in your custom function, OR you can just include the pVO.doesNotMatch() code in the function, and put the pVO.match() innocation in the body of the rule.


For logical networks not beginning with a "@" we just want to return TRUE and let the normal selection rules apply. For networks beginning with "@" we will be more selective, excluding candidates unless they match a specific pattern. For a logical network specified in the template with name of the form "@key" we want it to match against physical networks named "owner-key", where owner is the id of the requesting user. The logic looks for a lsName beginning with "@" and then strips off the "@" to create the key. We then test the physical server name to see if it matches the owner-key pattern.


Configuring the Code


To configure the use of the rules processing, edit C:\Program Files\HP\Insight Orchestration\conf\policy\policy.xml As shown in Figure 6. Once you have updated the policy.xml file you will need to restart the Insight Orchestration service.


<policy enabled="true" name="SubnetPolicyCheck.applyFitting">
    <policy-rule-file>SubnetCheck.drl</policy-rule-file>
    <policy-class-name>policy-class-name</policy-class-name>
</policy>


 Figure 6. Configuring rules processing


Provisioning the Service











Now we are ready to deploy the service. Logging on as user Marriott, I create the service using the template shown earlier in Figure 2. Once the provisioning completes, I can look at the service details page for more information about the service. Select the network named "@Corporate" and then click on the resource details tab. From there I see that the network has indeed been mapped to the Marriott-Corporate network by the customer allocation rules processing.



 


Figure 3 Provisioned Service details




Conclusion


The rules based processing capabilities in BladeSystem Matrix enables simple realization of customized resource allocation processing that can be used to simplify and extend Matrix template deployment. I hope this example helps others to quickly understand the capabilities enabled through this powerful engine and gives a "Quick Start" to writing your own custom rules. If you have cool examples of rule extensions you have implemented, I'd be interested in hearing about them.


Thanks to Manjunatha Chinnaswamynaika for helping me to create this example.


Happy coding :smileyhappy:


 

Virtually (and literally) #1

This week we released VMMark results for the new HP BL490c G6 server blade.  The scores establish the BL490c as
the highest performing 2-socket server blade for virtualization -- eclipsing blades offered by IBM, Dell, and Cisco.


By the way, this 2-socket result ( 24.24 at 17 tiles) follows just on the heels of our #1 4-socket blade result for the BL685c G6.


It's particularly revealing that the BL490c tops the Cisco B200-M1, since Cisco trumpeted performance on VMWare as a centerpiece
of their Unified Computing System.  Cisco engineers deserve lots of kudos for their innovative work on UCS.   Their UCS ideas seem very network-centric, though, and I think
the BL490c's VMMark result shows the benefits of looking at performance problems from the data center level, rather than just from the
CCIE's perspective.


To get this high performance, our engineers designed the right compute server (with high memory bandwidth and capacity),
and coupled it with lots of NICs and bandwidth provided by Virtual Connect Flex-10.  (We also bring in the right storage, too.)


Yet the breadth of HP BladeSystem means we can deliver that performance for vSphere, but not compromise on other workloads. 
No compromises in Top500-style high performance computing, for example, or for many, many other workloads.


Bonus: HP's high-performance virtualization solution (including the HP BL490c G6 server blade and HP Virtual Connect Flex-10) are available today.
Cisco's UCS?  Well...I just hope Cisco starts shipping that product sooner than Duke Nukem Forever.


 

Virtual Connect now helps converge infrastructure (and lower costs) even more!

On Monday, April 20th, we announced a new Virtual Connect family member and expanded capabilities for all Virtual Connect products.  We’ve see a great deal of momentum building behind virtualization and infrastructure convergence - and these enhancements will help our customers better meet their goals.


When customers put applications onto fewer servers with virtualization, they increase the needed density of both data and storage networking.  So, customers not only need server virtualization, but they also need to virtualize and converge server I/O.   Last November, we introduced the HP Virtual Connect Flex-10 technology that divides a dual-port network interface controller into 8 FlexNIC ports.  This technology reduces the cost associated with data networking in a virtualization environment by greatly reducing the number of cables, switches and additional NICs needed. 


Now we just announced a new Virtual Connect 8 Gb Fibre Channel module to support the heavy SAN needs of virtual servers.   The HP Virtual Connect 8 Gb 24-port Fibre Channel Module has twice the bandwidth of our 4 Gb Fibre Channel module running at up to 8 Gb on all downlinks and uplinks. Second, it has a total of 8 uplink connections, which is double our current module. Third, it features support for increased server side NPIV support with 255 World Wide Names available per server.  So all together more Virtual Machines can be hosted per server and per set of Virtual Connect Ethernet and Fibre Channel modules.  The result is needing fewer servers AND fewer interconnect modules. Fewer servers and interconnect modules mean a lower purchase cost, simpler set-up and ongoing management, and fewer cables, all able to host more application workloads..  More for less works well for everyone.


We added a new Virtual Connect multi-enclosure stacking feature. Multi-enclosure stacking allows up to 4 BladeSystem enclosures to be connected together into one Virtual Connect Domain.  This provides two big benefits. One, it creates a single simple server connection management domain for up to four enclosures, or up to 64 servers. Second, it also means fewer uplink cables to top of rack or core network ports, further reducing cable and expensive core port costs.


We’ve also enhanced Virtual Connect Enterprise Manager.   The new 1.30 release supports our new Virtual Connect 8Gb Fibre Channel Module, our latest G6 server blades announced last month, and extends the number of supported Virtual Connect domains to 200.  When combined with multi-enclosure stacking, this means that Virtual Connect Enterprise Manager can simplify the set-up and ongoing management of server I/O for up to 800 BladeSystem enclosures or put another way, up to 12,800 servers!  Enabling system administrators the ability to manage the connectivity of up to 12,800 servers will go a long way to making life simpler and less expensive for many of our customers.


So for customers looking to converge infrastructure or increase benefits from virtualization, we hope you let HP and our resellers help you save money, reduce your network complexity, and simplify your IT environment with Virtual Connect Ethernet and Virtual Connect Fibre Channel.


 “Connect More - Spend Less!”


Michael Kendall


ESS Virtual Connect

Why it's time to think virtualized infrastructure, not just servers.

When Intel and AMD put processor performance into overdrive, virtual server adoption skyrocketed.  Then came the virtual server tsunami.  IT shops became swamped by a plague of virtual server sprawl complete with diverging tools and a patchwork of IT processes for physical and virtual apps.  The tsunami also brought network and memory bottlenecks plus the other two Horsemen of the Apocalypse: Security and Command/Control Issues. 


Just like 'nature abhores a vacuum', it seems that 'IT hates unbalance'.  Thinking 'virtual server-only' leads to ad hoc virtualization and unbalance across your architecture and organization. 


Move over virtual servers.  It's time to think virtualized infrastructure.


Here's why thinking virtualized infrastructure is critical to keeping the balance.




  • If you only virtualize servers, you're missing huge cost saving opportunities to cut network, storage and facilities costs too.



  • You see the bigger picture and can take steps to unify virtual and physical tools, processes and operations



  • It helps you identify and address the key bottlenecks to virtual server performance



  • It leads to more convergence and another round of hardware and operational cost savings.  As an example, as servers and storage converge, (i.e., the data moves closer to the application) there is a huge opportunity to eliminate  the network equipment cost in between.

Over the last 12 months, we have taken several practical steps to deliver a unified virtual infrastructure. No hype.  No fancy names.  Just a thoughtful approach delivered today to help you deploy and manage a virtual infrastructure simply.




  1. It started with Insight Dynamics, a capacity planning and orchestration in one tool to manage applications on virtual and physical servers in the same way.  This was the beginning because the virtual server tsunami is the biggest driver of cost is operational driven by diverging tools, processes and roles.


  2. Next came the world's first server blade optimized for virtualization.  The aim here was to remove the memory bottlenecks and optimize a server for shared storage connections.


  3. The last piece in the trilogy was Virtual Connect with Flex-10 technology.  The first generation of Virtual Connect already proved its merits by simplifying virtual server operations between the server, LAN and SAN administrator.  Flex-10 took it to a whole new level with the ability to consolidate network equipment 4 to 1, 10Gb speeds, and the ability to carve up and fine tune that 10Gb performance to suite the needs of virtual machine channels.


  4. Rethinking storage for a virtual infrastructure is the next step.  Our friends over in the HP LeftHand group recently launched the SAS Starter SAN.  Based on high-performing SAS drives, LeftHand's architecture automatically balances data volumes across all disk drives, network connections and processors.  Isn't this the direction that makes sense for virtualization?

We've been working with a lot of folks like VMware, Microsoft, Citrix, Oracle and more, to not only unify this infrastructure with their technology, but also to make it easier to integrate into your environment.  The good news is it's not a one-size-fits-all approach. 


Get a head start on deploying virtualized infrastructure today by checking out this virtual infrastructure solution example featuring VMware.


 

Aaron Delp Busts Blade Power Myths

We recently learned that Aaron Delp closed down his BladeVault blog and is focusing on creating more useful infomation to share with the greater community by contributing to Scott Lowe's blog.  For those of you that don't know Aaron, he's a senior engineer who is literally on the front lines of the blade and virtualization revolution. No, he doesn't work for HP or IBM.  But he does know just about everything there is to know about us both.  The good, the bad and the ugly.

power_meters

We not only like Aaron because he's a smart guy who shoots it straight, but also because he likes to share what he knows with the community.  Like I said, he knows a lot.


Well, here's what he's up to now.  In a series titled "Blades and Virtualization Aren't Mutually Exclusive", Aaron is sharing a ton of personal research and experience with blades.  In his first two articles in the series, he takes an insider look at the power advantages of blade versus rack servers - looking at both HP and IBM.  I know we told you blades use a lot less power before, but you still think we're full of crap.  Fine.  Take it from Aaron.


 



In his next article, Aaron promised to focus on the expansion abilities of both the IBM and HP blade servers. We'll be reading and linking his thoughts here.

Search
Follow Us


About the Author(s)
  • More than 25 years in the IT industry developing and managing marketing programs. Focused in emerging technologies like Virtualization, cloud and big data.
  • I work within EMEA ISS Central team and a launch manager for new products and general communications manager for EMEA ISS specific information.
  • Hello! I am a social media manager for servers, so my posts will be geared towards HP server-related news & info.
  • HP Servers, Converged Infrastructure, Converged Systems and ExpertOne
  • WW responsibility for development of ROI and TCO tools for the entire ISS portfolio. Technical expertise with a financial spin to help IT show the business value of their projects.
  • I am a member of the HP BladeSystem Portfolio Marketing team, so my posts will focus on all things blades and blade infrastructure. Enjoy!
  • Luke Oda is a member of the HP's BCS Marketing team. With a primary focus on marketing programs that support HP's BCS portfolio. His interests include all things mission-critical and the continuing innovation that HP demonstrates across the globe.
  • Global Marketing Manager with 15 years experience in the high-tech industry.
  • Network industry experience for more than 20 years - Data Center, Voice over IP, security, remote access, routing, switching and wireless, with companies such as HP, Cisco, Juniper Networks and Novell.
  • 20 years of marketing experience in semiconductors, networking and servers. Focused on HP BladeSystem networking supporting Virtual Connect, interconnects and network adapters.
  • Greetings! I am on the HP Enterprise Group marketing team. Topics I am interested in include Converged Infrastructure, Converged Systems and Management, and HP BladeSystem.
Labels