This post discusses recommended services for on-prem virtualization infrastructures. The post is also available in my podcast.
When deploying an on-premises virtualization infrastructure (which could also be thought of as a private cloud with the sole customer being the enterprise/organization itself) there are services and server roles which should be considered in order to achieve a complete virtualization solution. This article provides an overview of recommended services for on-prem virtualization infrastructures.
- Directory services. As an example, Microsoft Windows Server Active Directory or other LDAP-based solution can be deployed. In the case of Active Directory, a comprehensive list of Group Policy Objects (GPO) should be designed.
- DNS services. An an example, Microsoft DNS server or Unix-based BIND DNS servers and DNS zones can be deployed.
- Certificate services. This constitutes a private Certificate Authority for an organization and can consist of an Enterprise Root Certification Authority and various other subordinate authorities in the organization structure.
- DHCP services. Various DHCP server implementations are available out there, including both hardware-based and software-based solutions.
- Package update service. Either Microsoft Windows Server Update Services (WSUS) or a Linux automatic package update management solution should be considered for the operating system.
- Application update service. Ranging from sophisticated platforms such as System Center Configuration Manager to more lightweight solutions such as PatchMyPC updater, an application update solution should be in place.
- SQL and non-SQL database services. There should be a highly available solution for creating SQL and non-SQL instances to be able to host databases.
- File services. There should be a highly available solution to host file shares. There are various protocols to support this functionality, including the Windows SMB/CIFS protocol to Linux NFS.
- Application servers. These server roles could range from HTTP to Web App servers and could host a variety of Web, Windows and containerized apps.
- Remote access services. This includes a VPN infrastructure in place for site-to-site or remote access VPN as well as a solution for remote working functionality. There are various available remote working solutions available, including Citrix Virtual Apps and Desktops, Microsoft Windows Virtual Desktop (WVD), Microsoft Remote Desktop Services and VMWare Horizon View.
- Backup and disaster recovery services. A backup solution should cater for safe backups taken for files, databases and virtual machines. A backup plan should always be in place and should always include step-by-step restore procedures which should be adequately tested. The backup solution should incorporate both on-prem and cloud backup options. Optionally, a disaster recovery solution could be considered (warm site, hot site, cold site) but this usually requires considerable implementation effort and increased costs.
- Antimalware real time scanning services. This includes real time scanning for malware and protection from ransomware.
- Migration services. This includes Physical to Virtual (P2V) tools for migrating existing physical servers to virtual machines as well as various tools and methodologies for migrating applications and data to new virtualization environments and cloud platforms.
- Management and monitoring services, including a management virtual machine. There should be a virtual machine with all management and monitoring consoles and agents installed on it, so that all administrator users can access all administrative interfaces of all above server roles and systems via the management VM only, without directly accessing the individual servers.
- Cloud automation (orchestration) and devops services. These include various components such as the following:
- Servers for cloud systems provisioning and deprovisioning, such as iPortalis and DotNetPortal.
- Automation servers scripting and for Infrastructure As Code functions, such as Ansible, Terraform, Powershell DSC, Puppet, Chef.
- Other containerized services such as Docker-based Jenkins for Continuous Integration / Continuous Deployment (CI/CD)
- Hybrid cloud integration services. Last but not least, a modern virtualization platform requires the means to integrate with public clouds and offer hybrid options to it users. This in most cases requires sync agents and tools for connecting with MS Azure, Amazon Web Services, Google Cloud Platform, IBM Cloud and other available public cloud services. Many organizations nowadays decide to outsource key enterprise services, such as email, collaboration and ERP systems to public cloud services, such as Microsoft 365. In the case of Microsoft 365, Exchange Online and Sharepoint Online are the key and most preferred services.
All above services have implementations in both Windows Server and Unix/Linux servers. Also all above services depend on the existence of multi-layered networking and shared storage infrastructure as a per-requisite. The multi-layered networking infrastructure should more specifically include the following components/roles.
- L3 switches or routers + L2 switches. Switches should follow a layered approach depending on the organization size and requirements.
- Load balancer
- Application delivery controller (gateway) (L7 device)
- Proxy and reverse proxy appliances
- IDS/IPS devices
There are various recommendations for increasing the high availability (clustering, load balancing, mirroring, etc) and security levels of the overall infrastructure. These recommendations are provided by the respective software vendors depending on which hypervisor platform the virtualization solution is based on.
- Microsoft HyperV
- VMWare VSphere
- Citrix Hypervisor
- Nutanix Acropolis
- Linux KVM based solutions, such as Apache Cloudstack, Openstack and oVirt open source virtualization platform
- Other third party proprietary or open source virtualization solution