Saturday, April 3, 2010

BoxedUC Appliance – Part II

After some investigation, here is the second blog post on the new BoxedUC solution. The basic idea in designing boxedUC was to create a private cloud, installed on the customer's premises, that provides all the services in the smartest way and avoids large hardware infrastructures. Virtualization is therefore the central technology that qualifies the system for this role.

The choice is Microsoft Hyper-V in Windows Server 2008 R2 (Datacenter / Enterprise edition), running on powerful hardware that can run all UC services with high-end quality for organizations of up to 500 users.

The basic hardware configuration for the appliance is:

  • 2 x Intel Xeon quad-core processors (16 cores with Hyper-Threading!)
  • 64 GB RAM
  • 15,000 rpm SAS hard disks

The system has been tested with several stress tests, run with official Microsoft tools against UC systems running on the appliance, and the results were very good in terms of hypervisor load and response.

[Figure: Hyper-V Logical Processor usage during a test with 500 UC users]

This picture shows the Hyper-V Logical Processor usage measured during a test with 500 UC users; for a healthy state the value should be under 60% on average. As the graphs show, during our tests on boxedUC we got an average usage of 7%.

To meet architectural and security requirements inside the hypervisor (and inside the whole system), separate networks have been created, divided into the following roles:

  • Public front-end
  • DMZ
  • Private back-end
  • Management (H24x365 monitoring and management)
  • Service (installation and emergency)

The networks can be configured to suit the customer's network: for example, boxedUC can be stand-alone or integrated into and adapted to an existing infrastructure (e.g., behind a customer's firewall).


Security, one of the strategic targets of boxedUC engineering, is managed on different levels:

  • Network: boxedUC is protected by a local firewall and by the separation of networks (DMZ)
  • Local antivirus: each host is protected by Microsoft Forefront
  • Application antivirus: application servers are protected by specific Microsoft Forefront plug-ins
  • Perimeter SMTP: mail messages are relayed by a data center infrastructure through a multi-level antivirus and anti-spam engine, which manages the mail queue in case of a back-end fault and avoids publishing Exchange directly on the public network
  • Management: all connections set up between the provider's infrastructure and the appliance for management purposes are tunneled in an encrypted connection
  • Patching: all security patches are tested and automatically applied through a WSUS service
  • Monitoring: all hosts (virtual / physical), services and performance are continuously monitored by a centralized system

The engineering of the system reduces installation time and operations to a minimum. The first activities after plugging in the power and switching on the appliance are:

  • Set up the IP address for the management network through a local web "service console", reached from a PC directly connected to the appliance (service network)
  • The provider's staff reaches the appliance through a secure VPN on the management network

At this point the provider's staff configures the other necessary IP addresses, the network matrix and the public DNS service. In less than two hours the system is up and running. Immediately after go-live, a backup of the network configuration is taken by the provider and stored in a data center to reduce the time of any later restore operations.

Scripting has been used to manage the turn-on/switch-off procedures of the entire UC environment: a Windows service that uses Hyper-V primitives and Windows services monitoring controls the turn-on/switch-off processes.

In the next articles we will go deeper into the Microsoft UC services, their interactions and self-management. In the meantime, please check www.boxeduc.com!
