Virtual Staging Environment Allows Us To Push The Innovation Envelope
At SYNAQ we have to keep pushing the envelope when it comes to innovation and server design. Some of the ideas we would like to test obviously cannot be carried out on our production servers without affecting our clients, and additionally we need a platform where we can test our upgrades and high availability configurations. Essentially, we need to determine the possible effects of our development and critical patch fixes on stability and performance.
We have addressed the above requirements by building a quarantined staging environment using Linux KVM virtualization and readily available open source tools for VM management. Our KVM server is more than just a VM server. It plays a dual role: it is a provisioning platform for physical deployments, where we simulate real-world server environments before deploying, and it is a hypervisor for provisioning virtual servers and testing them within a virtual network. For this reason the KVM server has two bridged networks, which enable all aspects of its architecture to interact with both the virtual networks and real-world physical networks. For provisioning, we use Kickstart to deploy new server installations with the BOOTP protocol.
This bridge is used to proxy Kickstart traffic between the VM network and the SYNAQ kickstart server. It also serves to enable internet access for VM hosts over the default LAN firewall. This bridge is only allocated to a Virtual Router VM, which bridges the VM-only network and other physical networks. Access to all networks, including internet access, is only possible via the Virtual Router appliance.
This network is automatically assigned to newly provisioned VM guests on its own subnet. All VMs created in the VMLAB network are allocated DHCP addresses and routing via the VMLAB interface on the Virtual Router. This is a VM-host-only network, meaning that without the Virtual Router's role, these hosts would normally only see each other and no other routable networks would be available. Packet filtering on the Virtual Router restricts broadcast traffic from this network to this network, so it cannot interfere with physical networks.
This bridge is allocated to a dedicated switch and it serves to provide a controlled environment for rolling out new server deployments from the kickstart server. By using the KICKSTART network for deployments, protocols such as DHCP are prevented from interfering with or directly interacting with LAN workstations on your real network. Additionally, the KICKSTART network can be used for provisioning and testing servers in an environment that fully simulates the network they are destined to be installed in.
To create a simulated environment, new servers are provisioned with the actual network settings they will be using at deployment, and the real-world gateway IP is aliased on the KICKSTART interface of the Virtual Router appliance. Doing so allows us to deploy multiple physical servers that interact with each other on the KICKSTART switch, while using the Virtual Router to simulate live internet traffic. We are also able to create a hybrid network of VM hosts and physical servers which interact via the Virtual Router, and by making use of iptables DNAT or SNAT on the Virtual Router, we could even test live interaction between the servers being tested and deployed servers on the internet if we need to.
This appliance has all bridges allocated to it and acts as the multiplexer for switching traffic between all network segments as required. By means of the Virtual Router, we can RDP or SSH to VM hosts, allow interaction between VM hosts and physical servers on the KICKSTART bridge, or test internet breakout and routing via connected ADSL. This device is core to all network simulation and has been instrumental in thorough testing of deployments in the past - with good effect.
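The gateway alias, broadcast filtering and DNAT/SNAT described above can be sketched as an iptables-restore ruleset with default-deny forwarding. This is an added example, not SYNAQ's configuration: the interface names, subnets, ports and the RFC 5737 placeholder addresses are all assumptions.

```shell
#!/bin/sh
# Added example: isolation and NAT rules for a staging router like the one described.
# Every interface name, address and port below is an assumption, not SYNAQ's configuration.
LAN_IF=eth0                 # bridge toward the office LAN and internet
VMLAB_IF=eth1               # VM-host-only network
KICK_IF=eth2                # KICKSTART switch
VMLAB_NET=192.168.50.0/24   # constructed VMLAB subnet
PROD_GW=203.0.113.1/24      # placeholder for the production gateway IP (RFC 5737)
TEST_SRV=203.0.113.10       # placeholder for a server under test

# Command that aliases the production gateway address onto the KICKSTART interface.
vrouter_alias_cmd() {
    echo "ip addr add $PROD_GW dev $KICK_IF label $KICK_IF:gw"
}

# Ruleset in iptables-restore format: default-deny forwarding, explicit paths only.
vrouter_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $VMLAB_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
# Keep lab broadcast, multicast and DHCP off every other segment.
-A FORWARD -m pkttype --pkt-type broadcast -j DROP
-A FORWARD -m pkttype --pkt-type multicast -j DROP
-A FORWARD -p udp -m multiport --dports 67,68 -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Lab segments may talk to each other and break out via the LAN bridge.
-A FORWARD -i $VMLAB_IF -s $VMLAB_NET -o $LAN_IF -j ACCEPT
-A FORWARD -i $VMLAB_IF -s $VMLAB_NET -o $KICK_IF -j ACCEPT
-A FORWARD -i $KICK_IF -o $VMLAB_IF -j ACCEPT
-A FORWARD -i $KICK_IF -o $LAN_IF -j ACCEPT
# Only the DNAT-published test service is reachable from outside the lab.
-A FORWARD -i $LAN_IF -o $KICK_IF -d $TEST_SRV -p tcp --dport 25 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -p tcp --dport 2525 -j DNAT --to-destination $TEST_SRV:25
# SNAT hides the cloned production range behind the router's LAN address.
-A POSTROUTING -o $LAN_IF -j MASQUERADE
COMMIT
EOF
}

# Apply only when asked explicitly (requires root): sh vrouter.sh apply
if [ "${1:-}" = apply ]; then
    $(vrouter_alias_cmd) && vrouter_rules | iptables-restore
fi
```

Run without arguments, the script changes nothing; call `vrouter_rules` to review the ruleset before applying it as root.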
We have cloned SYNAQ's core cloud servers into a fully routable copy of our cloud network. This environment allows us to test configurations, email delivery and development code with absolute certainty of its effect on our production servers. Additionally, we are able to provision new production servers into this staging network and fully test them before deploying them in our hosted environment. Used correctly, the Virtual Router radically reduces deployment time and testing of complex network infrastructures, allowing us to install a new server in the rack and walk away!
Although the Virtual Router carries the exact same IP range as our public cloud servers, the isolation of the Staging network allows us to carry identical copies of our production network servers without any risk of IP conflict in the real world. We highly recommend a similar solution for anyone who shares the same high availability requirements as us!