Data Center Construction for Leading Petrochemical Enterprise


1. Background

A well-known Petrochemical Corp and world-class enterprise integrating the oil refining and chemical industries located in Karamay, formally signed a strategic framework cooperation agreement with H3C in May of 2016 in order to better provide intelligent network services to its customers.

2. Customer Requirements

The service planning of a traditional data center is region-based. An IP address is often divided into Pods, and the same service is deployed in Pod network segments. Such network architectures exhibit clear planning and easy maintenance, but service has limited potential for expansion. The network architecture is composed of three main layers, primarily controlling the north and southbound data traffic. But because of the large-scale use of virtual machines (VM) in such data centers, virtual machine migration is characterized by east and westbound traffic. After VM migration, parameters such as IP and MAC addresses must remain unchanged, and a two-layer service network is required.

Security deployment is generally for security policies based on a path or topology. For security services, VLAN, IP and drainage policies must be manually configured based on service requirements. In case of any change in service, such policies must be reconfigured accordingly. In addition, traditional security deployment utilizes hardware, whose low activity levels due to sparse traffic result in wasted resources, whereas their performance may become insufficient should traffic increase. The performance of these security devices is often unable to expand dynamically or provide resources which meet traffic demands.

3. Solution

The whole network is divided into three modules, including a core exchange area, WAN and data center. Each module includes core devices, access devices and network security devices. The network is deployed based on the sub-module design and the layered construction of the data center, WAN, campus network, security, as well as integrated operation and maintenance.

H3C's AD-DC solution is a leading network and security solution in the industry, which improves operating efficiency, leverages network agility, and achieves scalability by rapidly responding to business needs. A single solution provides a number of services, which include virtual firewalls, multi-tenancy, load balancing, and VXLAN extension networks.

AD-DC can virtualize both network and security protection, thus creating an efficient, agile and scalable logical structure, while likewise meeting the virtual data center's performance and scalability requirements. AD-DC uses a security service chain architecture, and provides comprehensive security protection for the business by defining the security nodes passed by the business through the service chain.

4. Customer Value

Supported by Overlay technology, this plan for this data center offers the following value for Petrochemical customers:

It provides perfect network virtualization capabilities compatible with third-party devices, and constructs a "one network, one device" exchange matrix.

Based on an IP network, Fabric is built without special topology restrictions, as long as the IP is accessible.

The separation of the bearer network and the service network requires less alteration of the existing network and protects the user investment.

The network will exhibit abundant cloud characteristics after it is transformed. The multi-tenant scheme, which integrates computing, storage, network and security resources, is outfitted with disaster recovery capability.

The data center features a simple network configuration, as well as expansion and modification of the business without requiring alteration of the network, greatly reducing the workload of network operation and maintenance.

The network supports L2 and L3 without running the LAN protocol, and the backbone network operates without a large number of VLAN Trunks.

IP network segments for device interconnection and business communication do not overlap because of simplified network IP address planning..

Application deployment is accelerated, shortening its duration from weeks to days.