In its endeavor to accomplish the mission of becoming the most trusted world-class asset management company, CITIC Private Equity Funds Management Co., Ltd. has achieved rapid business development by taking advantage of its in-depth industry-specific research and insights. However, in certain stages, the company’s information system construction lagged behind business development. As a result, potential risks existed in guaranteeing system security and business continuity. Moreover, with a conventional information system, the low resource utilization resulted in the challenges of increasing device investment and O&M costs.
The company encountered four main challenges with the previous system. First on the list was system security. In the finance sector, the most important requirement for an information system is high security. In the old information system, the access control between businesses lacked far-reaching network security management. Consequently, precise security control could not be achieved within the data center.
Second, business continuity could not be guaranteed. Due to cost and space limitations, the old data center with devices in two cabinets was not equipped with load balancing devices to provide load balancing services. Consequently, load balancing and automatic switchover could not be achieved in the network layer. In case of any fault, manual intervention was required to resume services.
Third, the infrastructure was not flexible enough. Lacking shared storage, the virtualization platform had to run on the local disk. In case of any server fault or adjustments to cabinets, devices, or networks, the virtualization platform could fail to work properly because the O&M of the existing infrastructure lacked flexible dispatching, leading to business downtime.
Fourth, the server utilization was low. To support business development, the information system faced ever-rising investment, O&M costs, and management pressure. In the existing environment, the virtualization platform ran on 6 servers, each able to support up to 5 virtual machines. Business growth stimulated extremely high demands for computation and storage resources.
Due to the limited machine room space and equipment budget, it is hard to continue the conventional approach of expanding resources simply by adding servers. Numerous tasks, such as business launches and resource provision, have exhausted the IT personnel. With insufficient manpower, no extra efforts could be made to manage and improve businesses as needed.
Due to these challenges, it was necessary for CITICPE to establish, in accordance with its own development features, a software-defined virtualized data center based on the virtualization of servers, storage, and networks. Only in this way could CITICPE realize the goal of quickly responding to business demands and improving IT resource utilization, while guaranteeing business security and continuity and reducing IT costs.
CITICPE collaborated with different manufacturers to conduct research on data centers, infrastructure, and business needs. After these preliminary efforts, CITICPE finally decided to use the VMware virtualization solution to build a new data center. Through this project, CITICPE sought to consolidate existing data center resources and increase data center space utilization, while achieving their IT construction goals of high-efficiency computation, no SPOF storage, and controllable business security.
Built upon VMware virtualization architecture, the new data center provides 80 to 100 virtual machines to meet the demands of current business and future development. At the same time, through the construction of vSAN-based distributed storage, virtual machines are provided with high-availability services, including HA, vMotion, and DRS.
Due to the environmental constraints of the previous data center, shared storage was not used to support the virtualization platform, which created tremendous challenges for businesses and management. With the new data center still facing space constraints, the vSAN solution integrating computation and storage can address the demand for small space and high capacity. In addition, the replication capability of vSAN is adopted to duplicate data, resolving the SPOF risks facing the physical devices of the data center.
For security rule refinement, VMware NSX provides micro-segmentation functionality that allows security groups to be defined according to the business, application, and virtual machine classifications. Different businesses are added to different security groups, with distributed firewalls imposing restrictions on the access control between businesses. With this functionality, security control is realized within the CITICPE data center. At the same time, the load balancing functionality of NSX Edge provides layer 4 load balancing for applications and enhances business continuity.
To achieve automatic control over the entire data center infrastructure, VMware Cloud Foundation can centrally deploy and manage vSphere, vSAN, and NSX and automatically judge the resource load and allocate applications to relevant environments. This streamlines data center management.
Major benefits of the new data center
After the VMware Cloud Foundation solution was successfully implemented, the issues facing the old data center were addressed satisfactorily, with remarkable results:
1. Improved business security: With the micro-segmentation solution provided by NSX, the secure access rules are defined based on the business and application scopes, and the business and application security groups are properly defined. New and old businesses are allocated to different security groups based on business categories before being classified by application type. Secure access rules are set to achieve business segmentation within the enterprise.
2. Improved server resource utilization: With vSphere Enterprise Plus, server resources are consolidated, with the server consolidation ratio increased from 1:5 to 1:20. As a result, current business demands are met and sufficient resources are reserved for business development in the next 1-2 years, although no extra space was added to the new data center. This solution maximized the data center’s space utilization.
3. Enhanced business continuity: With the consolidation of vSphere virtualization technology and vSAN distributed storage technology, the advanced capabilities, such as HA and vMotion, provide an excellent business experience. The Infrastructure O&M Department will no longer impact the continuous and stable operation of businesses through changes to data centers, devices, and networks.
4. Intelligent O&M and enhanced operational efficiency: The virtualization technology makes it possible to centrally create, deploy, and allocate virtual machine, storage, and network resources. Utilizing dynamic resource load balancing, this solution provides intelligent load management.
5. Flexible resources and enhanced performance: The new system management platform actively plans for resource growth in advance and quickly responds to new demands, avoiding the previous need for frequent purchases and the slow purchasing process, and allowing resources to be allocated on demand.
Looking to the future
In the future, business development will be accompanied by a continuous growth in the number of virtual machines. Thus, current infrastructure resources will be gradually exhausted. It will be necessary for CITICPE to build a set of automatic O&M platforms on the software-defined data center, so as to forecast and monitor the status and capacity of computing, network, and storage resources in the current virtualization platform, collect statistics on the virtual machine growth rate, and predict the time of resource exhaustion. In this way, CITICPE can prepare suitable hardware resources in advance to ensure smooth business development.