Inside Cisco IT - Secure and Simplified Cloud Services With ACI

Inside Cisco IT:
Secure and Simplified Cloud Services with ACI

COCACI-2000
2014 Cisco and/or its affiliates. All rights reserved. COCACI-2000 Cisco Public
Agenda
ACI Technology Overview
Cisco ITs Data Centers
Cisco ITs ACI DC Architecture
Cisco ITs Cloud and ACI
Light Weight Applications
Cisco ITs Cloud Vision
3
ACI Technology
Application Centric Infrastructure
ACI Vision: Rapid deployment of applications onto networks with Scale,
Security and Full Visibility
OPEN RESTFUL APIS
CENTRALIZED POLICY MODEL
OPEN SOURCE
CONTROLLER POLICY MODEL NEXUS 9500 and 9300
ACI Bui l di ng Bl oc k s
Central Controller
Northbound and Southbound
OPEN RESTFUL APIS
OPEN SOURCE
S
o
u
t
h
b
o
u
n
d

N
o
r
t
h
b
o
u
n
d

vCenter
VMware
CIAC
Easier Configuration
Visibility
Troubleshooting
Integration
-Compute controllers
-Cloud orchestration
systems (automation)
APIC
6
Central Controller
Northbound and Southbound
OPEN RESTFUL APIS
OPEN SOURCE
S
o
u
t
h
b
o
u
n
d

N
o
r
t
h
b
o
u
n
d

vCenter
VMware
CIAC
APIC
OPFLEX
SOFTWARE
POLICY
EXTENSIONS
INSIDE +
OUTSIDE
OF THE DC
7
Tenant
!"#
%&
!"#
'""
!"# (!&
Whats an Application Profile ?
External
Network
End Points End Points
End Points
QoS
Filter
QoS
Service
FW/SLB
Filter
QoS
Service
SLB
Filter
Contract
Service Graph
Application Profile
8
Network Enhancements
less planned and unplanned application downtime
Network Enhancements
40 Gig (100 Gig Future)
Network Virtualization (Vxlan)
L2
enhancements
L3 only
No Flooding
ZTD
True traffic loadbalancing
(Flowlets)
9
F
a
b
r
i
c

(
A
C
I
)

No change
Migration
from Standalone to Fabric Mode
is possible
S
t
a
n
d
a
l
o
n
e

No change
Code
adjustments
Topology
Forwarding
Enhancements
Change
Change
Data Model
Policy Model
Topology
Forwarding
(Enhancements)
Major Change
Standalone Mode
devices
controlled
separately
Mode
Fabric Mode
Central
Controller
Mode
ACI
(Application Centric
Infrastructure)
Common Hardware

40 Gig (100Gig future)
93xx
9504
9508
Nexus:
9516
Nexus 9000 product line
10
Cisco ITs Data Centers
Global Data Centers
A
B
Tier-III
(Redundant)
Tier-II
(Less Redundant)
2x Texas
B
B
1x Amsterdam
1 x Singapore
B
B
Globally Centralized:
Business Apps
Continental Hub:
Order Processing, Comms
Continental Hub:
Communications
Cloud Services available
Private Cloud, self Service capabilities:
IaaS / PaaS
B
B
B
B
Latency-Sensitive
Software Development
Cisco ITs ACI Data Center Architecture

ACI Topology View
Flexible Topology
Virtual Boundaries
Physical and Virtual Services
Highly Converged Infrastructure
Easier to Manage
Vxlan
Leaf to Hypervisor
14
New Virtual Compute Design
Vmware only
traditional virtual compute design
N1KV Domain-1
Physical Leaf pair-1 Physical Leaf pair-2 Physical Leaf pair-3 Physical Leaf pair-4
Logical Pod-2
Logical Pod-3
Logical Pod-4
Logical Pod-1
vCenter Domain-1
vCenter Domain-2
`
vCenter Domain-3
vCenter Domain-4
N1KV Domain-2
N1KV Domain-3
N1KV Domain-4
virtual compute design on ACI
VMM Domain VMotion VMotion VMotion VMotion
15
Mapping of existing network aspects & applications to ACI Model
Contracts
Bridge Domain
Context
(VRFs)
ACI
Subnet(s)
IP to IP Communication
Tenant(s)
ANP(s)
EPG(s)
Fabric
External
EPG(s)
EPG(s)
SLB and FW config
Context
(VRFs)
Current DC
Network
Subnet
ACLs
(Permitted / Denied flows)
Service Graphs
Filters / Labels /
Bundles / Interfaces
Inner ANP Contract
Inner Tenant, Inter ANP
Contract
Inter Tenant Contract
Fabric External
Contract
Flexible building blocks
Grouping Separation
Security /Contract Management Framework
ANP(s)
16
Tenant Common Tenant 3 Tenant 2 Tenant 1
Cisco IT ACI Architecture: Logical View (networking elements)
EPG to BD to Subnets to VRFs to External
EPG-12
EPG-11
EPG-13
EPG-22
EPG-21
EPG-23
EPG-32
EPG-31
EPG-33
VRF-dmz
VRF-Int
EPG-Corp
EPG-
Other-DC
1.1.1.0/24
2.2.2.0/24
3.3.3.0/24
BD-Ext-2
BD-Ext-1
9396
9396
DC Core
(External)
DC Core
(Internal)
Internet
5.5.5.0/24
BD-int-2
4.4.4.0/24
BD-int-1
EPG-DMZ
EPG-
Internet
17
EPG-11
EPG-13
EPG-21
EPG-23
EPG-31
EPG-33
Internet
I
n
f
r
a

S
e
r
v
i
c
e
s

EPG-NTP
EPG-DNS
EPG-
Monitoring
EPG-!
EPG-12 EPG-22 EPG-32
Cisco IT ACI Architecture: Security to Infrastructure Services
EGPs and Contracts
EPG-Corp
EPG-
Internet
DC Core
(External)
DC Core
(Internal)
18
EPG-11
EPG-13
EPG-21
EPG-23
EPG-31
EPG-33
Internet
A
P
P

M
W

S
e
r
v
i
c
e
s

EPG-OAM
EPG-LDAP
EPG-OCM
EPG-!
Cisco IT ACI Architecture: Security to Application Middleware Services
EGPs and Contracts
EPG-Corp
EPG-
Internet
DC Core
(External)
DC Core
(Internal)
19
EPG-11
EPG-13
EPG-21
EPG-23
EPG-31
EPG-33
EPG-Corp
DC Core
(External)
DC Core
(Internal)
Internet
EPG-
Internet
Cisco IT ACI Architecture: Security to outside the ACI Fabric
EGPs and Contracts
20
EPG-11
EPG-13
EPG-21
EPG-23
EPG-31
EPG-33
Internet
FW
SLB
SLB
FW
SLB
FW
Cisco IT ACI Architecture: Client level Security and Services
EGPs and Contracts and Services (SLB, FW)
EPG-Corp
EPG-
Internet
DC Core
(External)
DC Core
(Internal)
21
Cisco IT: ACI and Automation (Cloud)
Delivering Infrastructure for Applications
and what can we automate ?
Physical Build
in the DC

Racking
Stacking
patching
Basic configuration of
DC Infrastructure
Client/App specifics
ACI for network items
ACI for network
and network security items
ACI & Automation
Application
Code
Specifics

Foundational Aspects
UCS
Switches
Storage
SLB
FW
Functional Aspects
(IaaS / PaaS)
xVMs
CPU/Mem per VM/BM
Storage per VM/BM
SLB setup
FW setup
OS
Apache/Oracle ! basic code
Build
Handover to
APP teams
1 2 3
4
High Integrity Automation Systems
Reduction of extensive (change management) processes
23
The Future: Private Cloud model
We all want to an End-to-End Programmable Infrastructure
Block Storage
Compute
IP File/ IP Block/ IP Object
Storage
vCenter
Controllers
Resource Managers
Orchestration
(Cloud)
CIAC
ASA
Client
Security
Admin
Compute
Network
Storage
Admins
PaaS
Resources
Prime
Eman
Infra
Portal
eACLm
Network
Integrated
Security
Application Code
Portal
Application/
Data Policy
Network
Security
Policy
24

ACI Program Quarterly Objectives: FY15
FY14Q3 FY14Q4 FY15Q1 FY15Q2 FY15Q3 FY15Q4
1
2
3
4
5
6
SJC-K Engineering DC on N9K
(standalone)

ACI Design and ACI Automation
(finalization)
FY15: +/- 4000 VMs on ACI
All workloads on ACI: migration of 2-3 years
Migrate SJC-K to Fabric
Cisco IT Private Cloud on ACI
RTP1 DC
Cisco IT Private Cloud on ACI
Allen DC
RTP1: Traditional Application Migration
(non-prod)
Allen & RCDN9: Traditional Application
Migration to ACI
(production apps wave 1)
Allen & RCDN9:
production apps wave 2
25
Cisco IT: Citeis and ACI
Client #3
(requires IaaS services only)

Give me the VMs and Storage
and Ill manage everything
above the OS to build my
application
Clients order higher order
services.

E.g. app. development stack,
databases, etc.

These internally use
infrastructure APIs to provision
compute/storage/network.
Client #2
(requires IaaS & PaaS services)

My needs are mixed. Ill take
all the goodies I can get, and
build the ones that I cant
Client #1
(requires PaaS services only)

Give me all the standard
goodies, and leave me just to
manage my application

Same as
use case #1
Same as
use case #3
builder of
SaaS services
What do the clients want from the infrastructure providers ?
27
Traditional
Network
Continuous Delivery
Lightweight App. Containers
API enabled Standard IaaS
Application Centric Infra. (ACI)
Dedicated
Platforms
LAE
ACI Fabric
Mobile Workload
Order
Mgmt
Pricing
Waterfall / Agile
Development
Stationary
Applications
Application Centric Cloud
Policy Control
Unified Infrastructure
Scalability
APIs
Intercloud
Adaptive Scaling
Feature Rich
DevOps
Open source
Quality Releases
Distributed Services
Cloud Scale
28
Cisco IT: Light Weight Applications
What What
Why Lightweight Application Environment (LAE)?
30
Note: Stackato is based on
Vmwares Cloud Foundry
LAE Evaluation Summary
31
Continuous Delivery
Development + Quality ! End to End Workflow
TBD
Client Involvement
Viable Product
Cloud, ERP, and Mobile
Application Development
Prioritized Sprint
Commit & Push
Code Review, Merge
Static / Dynamic, Progression /
Regression
Unit / Integration, Functional / Performance /
Security
Build, Test, Report
On-demand, Scheduled
Product Mgr.
Scrum
Master
Developers
Plan Develop Source Control
Management
Continuous
Build
Deploy &
Release
Adapt & Scale
Automated Testing
Group components
Application
Snapshot
Group Applications
Release Control Gates
Development

Staging

Production
Deployable
Artifact
32
Cisco IT: Cloud Vision
Plan

" Innovation Circles
" Architectural
Framework
" Active Stakeholder
Involvement
Changing the Way We Work: Continuous Delivery
Develop and Build
Continuous Integration,
On-demand

" Small Teams
" Cloud, ERP,
Mobile Apps
Automated Testing
Built by Developers-
No Separate Q/A

" Appropriate Risk Taking
Deploy and
Release
Configurable Control
Gates, Regularity
Compliance

" Working Prototypes
" Client Updates
Adapt and Scale
Policy Enforced Network,
Adaptive Infrastructure,
Workload Mobility

" Fast Results
34
Self-Optimizing Cloud
Policy based on
observed norms
35
CISCO IT DEMO:
Emerging Cloud Capabilities ACI, OpenStack

World of Solutions, Booth #735
Today 2:30pm 2:50pm
Join Us!
We will demonstrate a few of the emerging cloud capabilities enabled for Cisco IT Elastic
Infrastructure Services (CITEIS) using technologies like ACI, OpenStack and OpenShift.

We will describe how application policy controls, and programmable infrastructure can enable
elasticity, agility and continuous delivery of business capabilities.

Complete Your Online Session Evaluation
Give us your feedback and you
could win fabulous prizes. Winners
announced daily.
Complete your session evaluation
through the Cisco Live mobile app
or visit one of the interactive kiosks
located throughout the convention
center.
Dont forget: Cisco Live sessions will be available
for viewing on-demand after the event at
CiscoLive.com/Online
37
Continue Your Education
Demos in the Cisco Campus
Walk-in Self-Paced Labs
Table Topics
Meet the Engineer 1:1 meetings
38
Thank you.

Inside Cisco IT - Secure and Simplified Cloud Services With ACI

Uploaded by

Document Information

Copyright

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Inside Cisco IT - Secure and Simplified Cloud Services With ACI

Uploaded by

Copyright:

Inside Cisco IT:

Secure and Simplified Cloud Services with ACI

You might also like