Abstract
• Attendees should have a basic knowledge of Data Center, Network Management and Automation
• Knowing VMware, UCS and SAN concepts is good for this session
• 90 min session
• Will not be able to cover configuration and troubleshooting details

Q/A Policy
• Questions may be asked during the session
• But due to time limit, flow and respecting everyone's interest, some questions might be deferred towards the end

Agenda
• Cloud Automation?
• Cisco Cloud Automation Stack
• Cloud In a Box
• Case-Study

Let's Start with a Definition of Cloud
IT Resources and Services that Are Abstracted from the Underlying Infrastructure and Provided "On Demand" and "At Scale" in a Multitenant and Elastic Environment

A Style of Computing Where Massively Scalable IT-Enabled Capabilities Are Delivered "As a Service" to Multiple External Customers Using Internet Technologies
Source: Gartner "Defining and Describing an Emerging Phenomenon" June 2008

Anywhere, Anyone, Any Service

Cloud Architecture
Cloud Foundation Blocks
Visual Model of NIST's Working Definition of Cloud Computing
• Essential Characteristics: On-Demand Self Service, Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service
• Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Deployment Models: Public, Private, Hybrid, Community
http://www.nist.gov/itl/cloud.cfm

Cloud Architecture
Elements of Cloud Computing
• Self-Service Interface: Provides ability for users to order and track metered services
• Service Delivery Automation: Automates provisioning and meters usage of services
• Resource Management: Resources are provisioned and managed as per service needs
• Operational Process Automation: Automates operational processes such as user management, capacity management, service level management, service desk integration, alerting…
• Lifecycle Management
[Figure: Lifecycle Management of Cloud Services. Characteristics shown: On-Demand Self-Service, Broad Network Access, Rapid Elasticity, Measured Service, Resource Pooling. Callouts: web-based front end; standardized offerings; very fast fulfillment; automated provisioning/de-provisioning of resources; metered usage; dynamic resource allocation; capacity management; resource utilization; performance management; maintenance]

Cloud Architecture
Delivering a (complex) service – faster with end-to-end automation
Steps in both cases: Architect it, Design it, Where can we put it?, Procure it, Install it, Configure it, Secure it, Is it ready?

Before (Manual)
• Machine-oriented
• Manual provisioning
• Hard to control utilization
• High provisioning & ops cost
• Extended provisioning time
• Configuration risk

After (Cloud: Automated, Self-service, On-demand)
• Service-oriented
• Self-service; automated provisioning
• Elasticity (capacity-on-demand)
• Optimized provisioning & ops cost
• Rapid provisioning
• Increased Resiliency and Availability

What is Cloud Computing From An End-User Perspective
Take an example of electricity, where every household easily accesses the electric grid and consumes power for various applications (e.g., lightbulb, refrigerator, dishwasher) without having to build and maintain a personal power generator.

Use Case: Application Dev/Test
Complex, Time-Consuming, Expensive Provisioning Process
[Figure: request flow between Application Development and IT Infrastructure/Ops. Labels: Call or email IT; One-Off Operations; Custom Server Builds; Architecture Reviews; Incomplete Requirements; Approval Process; Add Security, Back-Up, etc.; Track Down Status; Exception Management]

[Figure: three columns, End User Self-Service, Governance and Service Orchestration. Labels: Compare Service Tiers and Options; Guided Shopping 'Wizard'; newScale Catalog; Rich Interactive Forms; Ordering and Approvals; Status Updates; Policy-Based Controls; Service Requests; Global Orchestration (Cisco Tidal Enterprise Orchestrator); Element Managers: UCS Manager, VMware vCenter, EMC/NetApp Storage Provisioning, Cisco Server Provisioner]

About CIAC
• Pre-packaged cloud content and orchestration workflows
  – Self-service portal built on Cisco Cloud Portal (CCP) aka newScale
  – Orchestration built using Cisco Process Orchestrator (CPO) aka Tidal/TEO
• Designed to accelerate
  – Implementation of the self-service portal
  – Automation of common infrastructure/platform provisioning tasks
• Features
  – Lifecycle activities, i.e., provision, power off, power on, reboot, add resources, de-provision virtual machines
  – Physical machine provisioning
  – Comprehensive view of service items, i.e., virtual machines, storage, etc.
  – Capability to integrate other content (not preconfigured)

Cisco Intelligent Automation for Cloud
Off-the-shelf IaaS Cloud Solution with Integration Capability
[Figure: solution stack. Service Catalog and Self-Service Portal (Cisco Cloud Portal); Global Orchestration (Cisco Process Orchestrator, Cloud Automation Pack, Adapter Framework); integrations: CMDB, IT Service Management Tools, Billing/Chargeback, Monitoring; Infrastructure Management (e.g. UCS Manager), Virtualization Management, OS/Software Provisioning (Cisco Server Provisioner); resources: Compute Resources, Virtual Machines, Network Resources, Storage Resources]

Cisco Intelligent Automation for Cloud
Self-Service Portal and Service Catalog
[Figure: labels include Define and Publish Standard Options; Track and Manage Chargeback or Showback; Self-Service Request; Approvals & Controls; Orchestrate Delivery; Report Consumption; Policies & Governance; Lifecycle Management; Process Orchestration and Automated Provisioning; roles shown: Architecture & IT Management, Developers, Security, Operations and DR]

• User-facing modules:
  – MyServices™ enables customers to find services, create requisitions, and track service requests.
  – ServiceManager™ enables service teams and their outsource providers to manage and track service requests and service level agreements.
  – Reporting provides a set of reports, metrics and Key Performance Indicators (KPIs) for monitoring service delivery operations.
  – Advanced Reporting provides ad hoc reporting and report authoring to enable root cause analysis and customized reporting for monitoring and managing service delivery operations. Uses IBM Cognos reporting and data management tools.
  – ServicePortal™ provides a customizable portal for RequestCenter that can replace or supplement the MyServices home page.

• Service: A service "product" that can be requested by a customer
• Requisition: A "shopping cart" that can contain one or more requested services
• Category: (Display Category) A heading that exists within the MyServices catalog to help customers find a service that meets their needs
• Keywords: Words associated with a service that are used to support searching for a service within MyServices
• Initiator: The person who initiates a request for a service
• Customer: The designated recipient of a requested service
• Order on Behalf: Request a service for someone else

Cisco Cloud Portal (CCP)
An Online Catalog of IT Services
The catalog should promote your standard offers and options – it's your brochure, menu, and storefront for IT consumers. Include your branding, images, service tiers, SLAs, pricing, etc.
Source: newScale product screenshots.

[Figure: automation platform overview.
Go to Market Domains: Cisco Tidal Intelligent Automation for SAP; Cisco Intelligent Automation for Cloud; Cisco Intelligent Automation for Compute; Cisco Intelligent Automation for Networks; Cisco BI Appliance.
Automation Packs (delivery via CPO): Business App (ex. SAP), Cloud, Intelligence Engine, Cisco UCS, Cisco Network, Storage.
Delivery: Web Based Portal, Client Console, Reporting, Ticketing Integration, Operations Managers, CLI.
IT Processes Automation: Role-based access, Task Delegation, Process Execution, Scheduling, Event triggering, Human Approvals, Assignments & Notifications, Auditing & Reporting.
Phases: Day 0 Service Assessment, Day 1 Service Delivery, Day 2 Service Operations, Day 3 Service Optimization.
Automation Core Platform: Set of Core Processes, Activities, Events & Tasks.
Adapters: Network & Storage, Servers, Applications.
Data Center – Physical and Virtual Infrastructure]

Automation Platform
Documented, Repeatable, and Auditable Processes
Configure (Processes, Activities)
• Drag-n-drop Studio
• Out-of-the-box flow activities, processes re-use
• Out-of-the-box integration adapters
Value Points
• Rich workflows that go beyond modeling just alert notifications
• Ability to perform corrective actions
• Ability to incorporate human and assigned tasks (i.e. approvals)
• Ability to enable improved process re-use, less dependent on scripting and coding
• Enables operational process modeling (i.e. system refresh)

CPO System Architecture
[Figure: CPO Server (Process Engine) with AD-integrated Role-Based Security. Labels include: Web UI, Expert UI, CLI, Reports, Reporting Editor, Web Service Interface; Service Desk / CMDB Adapters (Remedy); Central Event Manager (Microsoft SCOM); Global IT Infrastructure (SNMP, AD / LDAP, Email: SMTP, POP, IMAP); Change & Configuration; Applications and Web Services; Software Infrastructure (SAP ABAP, CCMS, SAP JMX / Telnet, OLAP (SAP BI), App Server); Database(s) (Oracle, DB2, MS SQL, Generic DB (OleDB)); OSes (Windows); Virtualization Support (VMware); Servers (Cisco UCS); Network and Terminal (SSH, Telnet); Storage; Process DB (configuration, audit); Reporting Database; Data Holding Bin; Automation Pack]

CPO Key Concepts
• Process
• Targets
• Triggers
• Process Inputs
• Process Outputs
• Global Variables
• Process Variables
• Activities
• Logic
• Approvals
• Assignments

Intelligent Process Editor
No Code Setup
[Figure: process editor screenshot. Callouts: Adapter Toolbox; Drag and Drop Activities; Drag and Drop Logic; Automation Summary; Approvals, Human Interface, Alert, Incident, Change Request]

Execution (Run-Time Model)
• Visually-guided mode
Value Points
• Provides visibility across functional teams
• Easier to troubleshoot processes

• Commission a New Application Server on Linux
• Commission a New Application Server on Windows
• Commission a New Database Server on the Linux
• Commission a New Database Server on the Windows
• Commission a New Physical Server with Linux
• Commission a New Physical Server with Windows
• Commission a New Virtual Server with Linux
• Commission a New Web Server on the Linux
• Commission a New Web Server on the Windows
• Commission a VMware ESX Host
• Decommission a Physical Server
• Decommission a Virtual Server
• Modify Virtual Server Configuration - CPU Count
• Modify Virtual Server Configuration - Memory Size
• Power off a Virtual Server
• Power recycle a Virtual Server
• Snapshot - Take a Snapshot of a Virtual Server
• Snapshot - Revert to a Snapshot of a Virtual Server

• OS
  – Windows 2008 64-bit
  – Linux (CentOS)
• "T-Shirt" Sizing
  – Small
  – Medium
  – Large
• Service Levels
  – Gold
  – Silver
  – Bronze

• Administrative Login/Password Policy
  – Set to default to Administrator/Root Login
  – Generic password from template
• Approvals
  – None configured
• Catalog Views Configurable
  – Use role-based access controls to filter catalog views
  – Set service item management controls
• Service Item Ownership Configurable
  – "Owned" by individual
  – "Owned" by organization

• Single-tiered Organization Structure
  – Configured and maintained using OrganizationDesigner
    • Every user must be assigned to a business unit as their "Home Organization Unit" (Home OU)
    • Organizational Unit ID registered in CPO (manual process)
    • Need to create service teams and associated work queues
    • Organization authorization structure would have to be created
• Authentication
  – CCP login page
  – LDAP and single sign-on possible but not configured out-of-the-box
• Role-based Access Control
  – Common portal administrator/user roles
    • Customer Administrator
    • Portal User
    • Organization Administrator
    • Cloud Administrator
    • Site Administration

• Resources assigned in Cloud Governor Database at "onboarding" time
• One per organization

Required Data*
  – Organization ID: Organizational Unit ID from CCP organization creation
  – Organization Name: Organization Name from CCP organization
  – CPO Owner: CPO web service target name
  – Server Domain: Domain that will house customer VMs.
  – Public Network Path: From vCenter inventory. The network assigned for VMs. For example "DatacenterName/Network Name"
  – VMware vCenter Owner: The name of from vCenter Target that was defined. Maps to the vCenter Target in CPO.
  – VMware Default ESX Host: The host that will be assigned to the customer for them to use to provision VMs
  – VMware Resource Pool Path: vCenter Resource Pools. Compute resources, i.e., vCPU, Memory, assigned to the customer
  – VMware Datastore Path: The assigned storage resource for the customer.
  – VM Inventory Path: vCenter folder for customer VMs. All folders have to be preconfigured in vCenter. CPO does not create.
* Additional required data for Physical Server provisioning

• IP Addresses Defined in CPO at "onboarding" time for eventual assignment to VMs.
• One or more public IP address pools for each defined organization.
• CPO expands the IP Address range in Governor database to use to assign to customer VMs during provisioning and then to reclaim during deprovisioning.
• No firewall or network management.
• No static IP assignment.
• If two network interfaces required, could use public IP and management IP.

Required Data*
  – Starting IP Address
  – Ending IP Address
  – Subnet Mask
  – Default Gateway
  – DNS
* Additional required data for Physical Server provisioning: Management IP Allocation.

• One or more VMware templates must be pre-built and configured within VMware vCenter to use for cloning new virtual servers.
• Template attributes must be added to the CCP standards table according to the type of template
  – Application server
  – DB server
  – Web server
• Templates must also be registered in the Cloud Governor database.

IaaS Software Orchestration
[Figure: Cisco Cloud Portal with LDAP Authentication against Microsoft Active Directory; Cisco Process Orchestrator (CPO) Adapters connecting to Cisco UCS Manager, vCenter (ESXi Hosts), CA Ticketing, MRTG Monitoring, Billing, Networking, MS AD, Microsoft SQL and Exchange]

Key Design Points – Portal
• Content/Orchestration built in Cisco lab designed to simulate customer architecture
  – Small-scale network
  – Stub-outs in Orchestrator (CPO) for some next phase network and billing requirements
• Portal and Orchestration is custom built
  – Portal organization structure designed to meet hierarchical requirements
  – Eliminated integration/message chatter in portal Comments section
  – Created parameter-driven agents for bi-directional communications between orchestrator/portal

Key Design Points - Orchestrator
• Orchestrator (CPO) using Change Request based workflow triggers
• Multiple workflows can subscribe to events and react
  – Parent workflow creates change request object and assigns parameters to it
  – Change request creation triggers other workflows that listen to the object
• Using Orchestrator (CPO) Target as Data Model Object
  – Allows a way to access, create and update cloud data model
  – Targets have strings or integers (IP address, name, ID, etc.)
  – Targets can have reference pointers to other targets, which can be traversed to walk down the object graph.
• Orchestrator (CPO) automated workflow for regression testing
  – Orchestrator custom built unit test workflows running daily, testing code differences

Extensible POD Design
[Figure: CCP with its SQL Server database; CPO-Master with SQL Server databases Process-M DB and Cloud Governor DB; CPO-POD1 and CPO-POD2 with SQL Server Process-S DB; each POD contains UCS Manager, VMware vCenter and SAN Storage]

Error Handling
• Extensive error handling implemented
• Error handling task for all orchestration tasks. Activated when error message is returned to portal
• Resource rollback on failed tasks: VMs deleted in vCenter, IP Address released to IP Pool, Service Targets deleted
• "Take-2" tasks available for Virtual Machine and Storage Services if support team can fix the source of the error
• Organizational maintenance tasks allow support team to update form data in the event work must be manually processed

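The IP pool lifecycle from the onboarding data (range expanded, assigned at provisioning, reclaimed at deprovisioning) combined with the resource rollback listed above, as an added Python example that is not CIAC or CPO code. The names IPPool, provision_vm, deprovision_vm and the clone hook are hypothetical, and excluding the gateway, network and broadcast addresses from the pool is an assumption.

```python
import ipaddress

class IPPool:
    """Per-organization public IP pool expanded from the onboarding range."""
    def __init__(self, start, end, netmask, gateway):
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        net = ipaddress.IPv4Network(f"{start}/{netmask}", strict=False)
        if lo > hi or hi not in net:
            raise ValueError("range must be ordered and inside one subnet")
        # Assumption: gateway, network and broadcast addresses are never handed out.
        reserved = {net.network_address, net.broadcast_address,
                    ipaddress.IPv4Address(gateway)}
        expanded = (ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1))
        self.free = [ip for ip in expanded if ip not in reserved]
        self.assigned = {}  # ip -> VM name

    def allocate(self, vm):
        if not self.free:
            raise RuntimeError("IP pool exhausted")
        ip = self.free.pop(0)
        self.assigned[ip] = vm
        return ip

    def release(self, ip):
        # Idempotent, so a rollback and a later deprovision cannot double-free.
        if self.assigned.pop(ip, None) is not None:
            self.free.append(ip)

def provision_vm(name, pool, inventory, targets, clone=None):
    """Run each step in order; on failure undo the completed steps in reverse."""
    undo = []
    try:
        ip = pool.allocate(name)
        undo.append(lambda: pool.release(ip))
        if clone:  # hypothetical hook standing in for the vCenter template clone
            clone(name, ip)
        inventory.add(name)
        undo.append(lambda: inventory.discard(name))
        if name in targets:
            raise RuntimeError(f"service target {name!r} already exists")
        targets[name] = {"ip": str(ip)}
        return ip
    except Exception:
        for step in reversed(undo):
            step()
        raise

def deprovision_vm(name, pool, inventory, targets):
    """Reclaim the service target, the VM and its IP address."""
    target = targets.pop(name)
    inventory.discard(name)
    pool.release(ipaddress.IPv4Address(target["ip"]))
```

Here `inventory` is a set standing in for the vCenter VM inventory and `targets` a dict standing in for CPO service targets; a failed run leaves both, and the pool, exactly as they were before the request.
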
Integrations – Adapters/Agents Implemented
• REX - Used for Portal automation to create Organizational Units and hierarchy
• HTTP/WS - Standard Product adapter for communicating with Orchestrator
• Agent and workflow to interact with CA Help Desk
• Agent and workflow to interact with MRTG Monitoring tool (open source)
• Agent and workflow to interact with Active Directory
• Agent and workflow to collect data for billing in a mediation server (Comptel)

Onboard a New Customer
• Establishes the Multi-tiered Business Unit OU Structure
• Defines the Commit Levels that control billing
• Creates a Customer Administrator in
  – RC
  – AD
  – CA
  – MRTG
• Establishes the service items/governor DB items for
  – Customer
  – Contracts
  – Network
  – Accessibility Options

Customer Onboarding Process
• Onboard Tenant
  – OU and Admin
  – For Billing
  – For Monitoring
  – For CA Help Desk
  – vCenter Properties
• Onboard Admin/User
  – Tenant MRTG Admin
  – AD Cloud User
  – CA Admin

Provision a Virtual Machine Work Plan
• Manual Error Handling Task for each automation task
• Error message posting in service form for service teams
• Service target and resource allocation (VM, IP) rollback per automation task if failure
• Take 2 opportunity to restart failed workflows

Provision a Virtual Machine Orchestration - Success
• Different types of VM actions are handled
• Each of these steps in the workflow checks for errors
• The "newScale Complete Service Request" workflow is triggered on SUCCESS of VM related workflows
• Creates multiple parameters and sends them to Cloud Portal

Provision a Virtual Machine Orchestration - Failure
• Different types of VM actions are handled
• Each of these steps in the workflow checks for errors
• The workflow "newScale Complete Service Request Failed" runs if a VM related workflow fails

Provision a Virtual Machine Orchestration – Targets as Data Model Objects
• Reference pointers to other targets. Creates an object graph to walk down the object path and access other related objects
• String/integer type properties

Deprovision a Virtual Machine Work Plan
• Shameless borrowing from C&W project
• Disable access to VM and stop billing when request submitted, delayed removal
• Timed warning before actual deprovision/deletion provides opportunity for reinstatement
• Service targets and resource allocation release moved to final steps to eliminate duplications