Enterprise Data Center

Cisco Systems' integrated data centre platform is proving to be the model foundation for the next generation of flexible, cost-effective and feature-rich hosting services from leading international IT services provider Atos Origin.

The market for data centre-based services is fiercely competitive, where the need to offer the keenest price is matched only by the requirement for absolute security and reliability of services that perform to stringent Service Level Agreements. Traditionally customers' needs have been met by providing a discrete platform. This has resulted in the proliferation of under-utilised siloed solutions. The challenge now is how to better maximise assets through more effective use of resources, without sacrificing security or introducing risk through configuration changes for one customer wrongly rippling through to others.

In little under three months from proof of concept, working with its data centre network infrastructure partner, Cisco Systems, the Atos Origin data centre organisation designed and implemented a new network design and business model built on Cisco's Enterprise Data Centre architecture. A common `distribution layer' allows core resources such as switching, firewalls and server load balancing to be securely shared by multiple customers within the data centre, while a second `access layer' makes it possible to cost-effectively provide dedicated resources on-demand to each customer.

Moving from a siloed architecture is enabling resources to be maximised, leading to capital expenditure (CAPEX) savings on the network infrastructure. Operational savings are also expected through equipment space and environmental facilities savings. In addition, lower management overheads and reduced risks are achieved following consolidation and upgrading of the data centre network infrastructure. Importantly, customer needs can now be met on-demand, at a lower cost and with reduced risk, with investment in new features being made as they are required. Significantly, the new architecture is being rolled out to other UK data centres as it becomes the corporate model going forward.

Within the UK, Adil Tahiri is a Senior Consultant leading a Technology Consulting team within Atos Origin. His job is to understand customers' needs in an increasingly complex and competitive market. Customers' requirements range from outsourced IT Management and Applications Management through to Business Process Outsourcing services. Increasingly, Business Continuity demands are more stringent, and the challenge is to ensure these needs can be met as cost-effectively as possible.

"Customers are looking for solutions that meet their business needs. Often they are also looking for direction as to the right solution. We work in a very competitive market, where everyone is looking for cost savings, particularly those coming from consolidation of resources," explains Tahiri. "At the same time quality cannot be compromised. Our contracts tend to be long-term. Outsourcing is a question of trust and we cannot afford to lose our customers' trust throughout our relationship with them. Balancing the often competing demands of reducing IT costs and increasing business demand while maintaining quality of service is what we do."

The desire to understand and meet customers' exact requirements has led to the creation of a series of solutions tailored to meet an individual customer's needs, each housed within the same data centre but with few resources being shared between customers.

"In 2003 we started to think about the significant overheads this approach incurred, not just in terms of under-utilised hardware but also the time and effort required for purchasing, installation and maintenance. At the same time we were also working on proposals for a number of significant contracts and recognized that, as they all had very similar requirements, it should be possible to share some aspects of the connectivity without compromising the security of each customer."

Cisco Systems has been an Atos Origin networking technology partner for many years. Not surprisingly, therefore, when it came to thinking about connectivity and particularly content acceleration via load balancing, the companies started to talk. Cisco was keen to understand the bigger picture and what solutions Atos Origin and their customers were looking for.

"We found that Cisco had a similar vision of a shared infrastructure. They also developed products that could be used to make it happen. We attended an Executive Briefing where Cisco outlined their view of a complete end-to-end solution from a data centre perspective. This gave us a lot of confidence," recalls Tahiri.

In order to better explore the options available, Tahiri led two workstreams-one investigating with leading `point product' vendors providing a customer-tailored solution, and another working with Cisco on developing a shared infrastructure.

"Cisco and Atos Origin had similar views about the total solution," explains Tahiri, "Cisco could offer an integrated solution with all the combined functionality we needed-from switching to firewalls and content acceleration and beyond." To ensure a full understanding of the business needs, Atos Origin and Cisco carried out several workshops together to design a solution that would meet the requirements of existing clients, bids in progress and anticipated future clients. During these workshops, the value became clear to Atos Origin of what Cisco calls its Enterprise Data Centre architecture.

This architecture is built from Cisco's recognition that in meeting the needs of increasingly data-centric businesses during the last decade, the typical data centre has seen applications hosted on multiple, stand-alone environments. Not only are these environments expensive to manage, it is difficult to respond quickly and cost-effectively to changing requirements, whether for bandwidth or security policy. The alternative is to create a resilient, agile data centre environment where managers can securely deploy new applications with appropriate performance levels. More than that, such investment should offer a rapid return on investment and lower cost of ownership.

The Enterprise Data Centre architecture meets that objective by enabling data centre managers to build a flexible, future-proof environment that integrates transparently with other components of the data centre using the concept of `functional layers.' These layers are:

This holistic approach aims to provide a comprehensive foundation for all the vital functions of a data centre, using the latest advances developed by Cisco in intelligent networking to provide a proven common infrastructure with the flexibility to offer customisable features.

Just one month from the Executive Briefing, the joint Atos Origin and Cisco team met at Cisco's Bedfont Lakes network laboratory to undertake a `proof of concept' of the proposed design. Cisco had built the planned network and for two days the team probed the design and the equipment. "The proof of concept was very important," explains Tahiri, "because no matter how much you read about a subject, nothing beats being able to see how it works and to discuss issues face-to-face."

The Atos Origin team also appreciated the fact that Cisco Systems' designs are based on a set of detailed blueprints that have been developed by its Enterprise Solutions Engineering (ESE) team in the USA. These blueprints capture best practice and also reflect Cisco's alliances with major application and hardware vendors to better ensure that the network infrastructure is optimised to run business applications.

The proof of concept was successful and the proposed solution was quickly put forward in response to Atos Origin's active client bids, including providing mission-critical hosted facilities for one of the UK's largest financial services firms and a nation-wide e-Government initiative. Asked if deciding on a Cisco solution was dependent on a winning bid Tahiri is quick to respond: "No. We made a strategic decision to invest because we believe utility networking is the future."

The core of the new foundation is the `distribution layer' of the IP infrastructure that is built around Cisco Catalyst 6509 multilayer switches running the latest third generation Supervisor Engine 720, equipped with various service modules in a redundant configuration. Internet access is provided over multiple 155Mbps links using Cisco 7206 Internet Routers running BGP (Border Gateway Protocol).

The second layer, termed the `access layer,' provides the flexibility to meet individual customers' particular needs, and typically comprises Cisco Catalyst 4500 Series switches with gigabit connectivity to servers and uplinks to the Cisco Catalyst 6509 multilayer switches in the distribution layer.

Asked about the technical highlights of the solution, Tahiri points to the scalability, availability and port density of the Cisco Catalyst 6509 multilayer switches. "The fact that you are able to insert various modules, including the firewalls and load balancing, means that you end up with effectively a single architecture providing core services with the ability to layer additional tiers on top. One can keep expanding the access layer while keeping all the main services on the distribution layer," he says.

"From our point of view this solution not only has cost benefits through ease of configuration, but also in reducing our response times to customers enabling faster time to market. Very importantly, risk dramatically decreases as you become more and more familiar with a single platform rather than adding complexity with separate tailored solutions."

Investment protection is another feature of the solution that is appreciated by Atos Origin. One example is the fact that despite being first launched over three years ago Cisco continues to develop the Catalyst 6500 series with the ability for it to be integrated with the new range of modules. Another example is the Supervisor Engine 720. "Because we know the roadmap for the 720 we are confident that the features we currently use will be supported in the future and that when we eventually upgrade we will be able to retain our current modules moving forward," says Tahiri.

Security is another key concern. The Firewall Services Modules (FWSM) are blade versions of the Cisco's industry-leading PIX firewall and offer the fastest firewall data rates in the industry: 5Gbps throughput, 100,000 CPS (characters per second), and one million concurrent connections.

Leading performance and richness of features also make the Cisco Content Switching Module (CSM) stand out. The CSM provides the highest performance and depth of inspection, as well as one of the most complete feature suites in content switching. The CSM is the first Server Load Balancer to support up to one million concurrent connections while sustaining multi-gigabit throughput, and simultaneously inspecting URLs and cookies or other content related information.

"This solution is taking us towards utility computing," explains Tahiri, "where resources can be provided on demand to meet a customer's need for increased bandwidth or extra security. Importantly, it also makes it simple to construct a clear cost model based on layers and services which can be shared with customers and enable them to better understand the impact of their requirements."

A significant benefit to customers is Atos Origin's ability to respond faster to customers' changing requirements. The need to create, for example, a new De-Militarised Zone for a customer can now be met quickly and easily. Similarly, if a customer wants to add more web services and introduce content switching, that functionality can be made available from the distribution layer. In the past, a new content switch would have had to be ordered, delivered, installed and configured with all the delay those processes would have incurred.

The team is also finding that the density of the Cisco Catalyst 6509-based solution makes it easier to manage complexity, such as the numerous VLANs (Virtual Local Area Networks) that a data centre has to support. Instead of numerous physical interfaces, traffic is supported via one piece of hardware which makes understanding traffic flows much easier than tracing flows between several different components.

For Atos Origin there are also other benefits. Not least is the reduced cost of purchasing and installing equipment, due primarily to the greater utilisation of resources compared to individually tailored units for each customer which are often under-utilised.

Reduced risk is another benefit, because with every new customer the foundation becomes increasingly `tried and tested.' "And with this reduced risk comes greater flexibility. We can offer more services simply by adding a blade, confident that those services integrate into the entire solution. No major `fork-lift' upgrades or major new designs are needed," says Tahiri. "This in turn makes it easier to sell value added services to our customers and for us to maximise our return on investment by timing the purchase of new features such as SSL (Secure Socket Layer) Offload for when they are actually required by customers."

In an environment where physical space and power represent a very real cost and concern, the density of the Cisco Enterprise Data Centre architecture is a real benefit due to the savings in rack space and environmental resource requirements, while the elegance of the solution is also improving ease of maintenance and network management issues such as diagramming and documentation.

Atos Origin's experience of the new architecture is such that it already plans to mirror the design in other data centres in the UK and adopt this architecture as the strategic solution.

Adil Tahiri concludes: "The key thing was the way we worked with Cisco. At a personal level they are very willing to help and you do get the feeling that they really appreciate their customers. Technically they were first class and their breadth and depth of knowledge was impressive."

Putting the partnership in perspective is Atos Origin's Paul Thomas, Connectivity Services Manager. "Hosting and Data Centre services sit at the heart of our managed operations business and our consolidation strategy forms a critical part of our ongoing business model. We collaborated with Cisco to build a hosting infrastructure in our main data centre, optimising Cisco's Enterprise Data Centre Architecture vision and roadmap enabling us to create a world-class capability. This strategic approach will lead us towards delivering a true virtual data centre environment," he explains.