Cisco Prime Network Services Controller


Learn more about Cisco Prime Network Services Controller and how you can manage network automation for your enterprise. Learn more at http://www.cisco.com/go/services-controller.

  • So how exactly do you manage a cloud network? And what are the main characteristics of this new network environment? From an operational flow, look to the right-hand side. An operator, who could be either a cloud service provider or a large enterprise that is serving different organizations, would need to go through different steps to deploy its services, starting with Service Definition, Environment Set-up, and Resource Allocation. And this new deployment model becomes even more complicated if you add all the other variables. You can no longer have silo management, as the expectation is to have a self-service portal that allows customers to manage their environment through a single API. Your management solution needs to co-exist with other pieces like hypervisor managers, orchestration tools and element managers. In other words, your environment is not isolated any more; multi-tenancy and collaboration among groups and companies are required. Environments are much larger, and traditional 4k VLANs are no longer enough, so we had to come up with new technologies to address new requirements. The need from a management standpoint is to support those new technologies and be able to scale up to the new numbers. Static versus dynamic: resources are virtualized, can be mobile, and can be spun up on the spot and attached to your network. Supporting private clouds only is no longer sufficient. Customers may have resources across private and public environments, so they are now demanding to be able to bridge over secured tunnels and have management that can expand across boundaries, since customers aren’t willing to have isolated management. All of the above capabilities need to be aligned with new movements like SDN and OpenFlow and enable transparency and API accessibility to the entire feature set.
  • All in all, VNMC offers the following benefits: the ability to construct a hybrid cloud environment (and configure solution components with Nexus 1000V); VM operation to manage day-to-day operation activities; service assurance and alerts on service degradation; system management for a single place of operation supporting enterprise management standards; and management orchestration to integrate with internal and external management systems.
  • This is where the Virtual Network Management Center (or VNMC) comes in. VNMC has been designed with virtualization challenges in mind, focusing on network virtual service deployment. VNMC is a centralized multi-device and policy management tool for Cisco network virtual services. It provides: rapid and scalable deployment through dynamic, template-driven policy management; easy operational management through XML APIs to help enable integration with third-party management and orchestration tools; and a non-disruptive administration model that enhances collaboration across security and server teams while maintaining administrative separation and reducing administrative errors. VNMC breaks traditional management silos by abstracting network services data and exposing it through a single management API. This allows customers to reduce their integration costs by integrating into a single management platform and API. VNMC is a multi-tenant management solution, and enables collaboration among server, network and security admins, in an environment that can be managed and overlapped between SP and enterprise organizations. VNMC covered aspects: Building Blocks, the main functionality (in the blue); Multi-Service Support (including Nexus 1000V InterCloud, Virtual Security Gateway (VSG), ASA 1000V firewall, and more); VNMC is hypervisor agnostic (on the far right); Multiple Ecosystem Support (including Cisco Intelligent Automation for Cloud, vCloud Director, and more); Advanced Capabilities (far left).
  • At its core, VNMC is a network management tool that will allow the operation of day-to-day activities, including network infrastructure provisioning and VM (virtual machine)/workload migration across a variety of networks. We are expecting to expand VNMC’s capabilities to Microsoft Hyper-V in our next release, and have already announced the next major release of VNMC 3.0, or VNMC InterCloud, shipping later this year, which will support hybrid cloud environments in the Nexus 1000V InterCloud solution. Enterprises are increasingly moving to hybrid clouds to gain the benefits of public clouds (agility, on-demand provisioning, pay-as-you-go capability, and elastic scalability) along with the benefits of private clouds. Private clouds have some advantages, allowing enterprises to design and customize their infrastructure and control security. However, private clouds are usually less agile than a public cloud and can be expensive to run to meet peak demand. Cisco Nexus 1000V InterCloud is designed to bridge enterprise and cloud provider deployments in a secure and consistent manner. Based on Cisco Nexus 1000V Series Switches and industry-standard Cisco NX-OS Software, Cisco Nexus 1000V InterCloud (Figure 1) provides: ● Secure Layer 2 network connectivity between the enterprise data center and the public cloud ● Consistent network policies and services across private and public clouds ● Virtual form factor designed for easy deployment ● and finally, a single pane of management; this is where VNMC InterCloud comes in. With Cisco Nexus 1000V InterCloud, the enterprise network can be securely extended to the cloud, with enterprise network configurations such as VLANs and policies extended to the cloud. Workloads can be migrated from the enterprise data center to the public cloud while retaining the same IP addresses, thus avoiding the need to redesign the application.
  • As I just mentioned, VNMC InterCloud presents a single-pane, consolidated view of virtual machines across the enterprise data center and the cloud for the Nexus 1000V InterCloud solution. It also enables virtual machines to be migrated from the enterprise data center to a cloud provider, or a public cloud. In addition, it manages security policies and virtual services in the cloud. This means that apps can continue using common application services that are hosted in the enterprise data center, on the cloud. VNMC also features northbound APIs to integrate with cloud orchestration tools. With this API integration, Cisco Intelligent Automation for Cloud enables users to order private or public cloud services from a self-service portal, Cisco Service Portal. The request is then processed by Cisco Process Orchestrator, the automation engine behind Cisco IAC, which manages workflows across multiple cloud environments. Then, the workloads are moved to VNMC InterCloud to be distributed between the enterprise data center (private cloud) and public cloud providers (public clouds). Here, VNMC provides the crucial ability to manage operational activities for virtual network services in such a complex hybrid cloud environment.
  • In short, VNMC provides a seamless, secure extension of virtual networks from on-premise data centers to cloud service providers. What you should take away from this is the Cisco advantage: #1: Maintaining consistency across both physical and virtual infrastructure that spans a hybrid cloud environment. Cisco is the only hybrid cloud enabler that provides consistent policies (such as network policies), consistent applications, and a consistent network environment to provide a seamless and secure extension into the public cloud. #2: Workload mobility. Migrating workloads between private and public clouds is becoming a reality, and with Cisco we’re ensuring that it’s a no-nonsense, secure process. #3: An end-to-end hybrid cloud ecosystem, enabled by the northbound API, which allows VNMC to provide high-level, self-service, automatic provisioning of services for the end user via products like Cisco Intelligent Automation for Cloud and other third-party extensions. This means a complete cloud network management solution with full stack delivery by Cisco.

Transcript

  • 1. Cisco Prime Network Services Controller (Cisco Confidential. © 2012 Cisco and/or its affiliates. All rights reserved.)
  • 2. • Background and Problem Statement • Introducing Cisco Prime Network Controller • Integration Overview – Cisco Nexus 1000V Switch Series – Cisco Virtual Security Gateway – Cisco ASA 1000V Firewall – Cisco Cloud Services Router 1000V Series • Why Cisco?
  • 4. [Diagram labels: Infrastructure Layer, Control Layer, Application Layer; Network Devices; Prime Network Controller; Network Services; Performance Mgmt., Advanced Security, IP Address Mgmt., Load Balancing, Disaster Recovery; API; Control Data Plane Interface (e.g. OnePK)] • Worldwide cloud management software revenue will reach $2.5B in 2015 (source: IDC) • Leverage control layer to deliver advanced cloud operations for network services • Develop application vendor ecosystem • Cisco as a provider of infrastructure and management • Take advantage of Cisco sales motion and market footprint
  • 5. • Resource Allocation – Tenant Configuration – Allocate Compute (VMs, Memory, CPU) – Allocate Network – Allocate Storage • Service Definition – Port profile Configuration – Lay-out network topology – Edge GW (FW rules, VPN, DHCP, NAT) – Load Balancers • Env. Set-Up – System Installations (Servers, FW, LB) – Assign User Privileges • Scaled Environments (VXLAN) • Silo vs. Central Management • Single vs Multi-Tenant • Static vs Dynamic • Hybrid Private/Public • Programmatic Networking
  • 6. • Scaled Environments • Central Management • Multi Tenancy • Network Virtualization • Hybrid Private/Public • Programmatic Networking • New Operational Models • Service Definition – Port profile Configuration – Lay-out network topology – Edge GW (FW rules, VPN, DHCP, NAT) – Load Balancers and tenant services • Resource Allocation – Tenant Configuration – Allocate Compute (VMs, Memory, CPU) – Allocate Network – Allocate Storage • Env. Set-Up – System Installations (Servers, FW, LB) – Assign User Privileges • VM Mobility • e-w Traffic • Dynamic VM Creation • Different Hypervisor Networking Models • Segregation of Duties • Network segmentation • Consolidate Management Compute/Network/Storage • Various Management Assets (EMS, Hypervisor Managers, Orchestrators) • Self-Service • Automation • Co-existence of multiple Organizations • Segment Enterprise Mission Critical Systems • SP and Enterprise co-operate service management • High Scale customer environments • New Architectures Evolves to support Demands • Complex service configuration • WAN/Core
  • 7. • Scaled Environments • Central Management • Multi-Tenancy • Network Virtualization • Hybrid / Private / Public • Programmatic Networking • New Operational Models
  • 9. • Build a Hybrid Cloud Environment: Construct a Hybrid Cloud environment, install and configure solution components w/ Nexus 1000V • VM Operation: Manage the day-to-day operation activities • Service Assurance: Ensure service availability and alert on service degradation • System Management: Single place of operation supporting enterprise management standards • Management Orchestration: Integrate with internal and external management systems [Diagram labels: Enterprise Data Center, Enterprise Private Cloud, Public Cloud, Tenant B]
  • 10. • Address cloud management networking challenges – Network virtualization – New operational models – Multi-tenancy • Virtual and physical services support • Hybrid cloud management • Multi-vendor, multi-platform, multi-service • Ecosystem – integration point to northbound management & orchestration systems • SDK – Infrastructure to support 3rd-party network services – Increased feature customization and velocity [Diagram labels: DHCP, NAT, DNS, IPSec VPN, Firewall, Virtualization, ACL, OSPF, Static, EIGRP, LB, BGP, IKE]
  • 11. [Diagram labels: Amazon, Azure, Terramark; Cisco Intelligent Automation for Cloud, Cisco UCS Director; N1KV InterCloud, VSG (Zone-Based Firewall), ASA1000V (Edge Firewall), CSR1000V (L3 Router), Third-Party Device; Image Management, Policy Management, Service Configuration, System Administration, License Management; Cisco Prime Network Services Controller; Service Chaining, Config Archive, VM Lifecycle, Change Audit, Monitoring; Single API; IP Address Management, Capacity Management, Performance Management; vSphere, HyperV, KVM, Xen (Multi-Hypervisor); OpenStack, VMware vCD, CloudStack, BMC CLM, Other]
  • 12. • Access Switching – N1KV – Integration for network service management – vPath configuration – Service binding – Service chaining • Security – VSG, ASA1000V – Security policy configuration – EMS (service monitoring, service access point) – Image management • InterCloud – VM mobility – VM lifecycle management – System administration – License management – Monitoring – Reporting • Cloud Routing – CSR1000V, VPE – L3 cloud service routing – Policy configuration – Control plane for distributed architecture • Service Insertion – Load balancing, network performance, WAN optimization – Cloud service insertion – Service policy configuration – Control plane for service placing in the network
  • 14. • Accelerate virtualization and multi-tenant cloud deployments • Integrated into VMware vSphere and Microsoft Hyper-V hypervisors • Provides advanced virtual machine switching using .1Q switching technology • vPath and VXLAN technologies • Built on Cisco NX-OS • Provides: policy based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model [Diagram labels: vSphere, 1000V VEM, 1000V VSM, VMs, Server, Physical Switches]
  • 15. Securely Extend Enterprise Environment into Provider Cloud • Secure: Enterprise-Grade Crypto and Firewalling within & across clouds • Simple: Transparent Application Migration; Centralized Management • Flexible: Choice of Provider Clouds and Hypervisors [Diagram labels: Cisco Prime Network Controller, Other Tenants, VMs, Nexus 1000V, vSwitch, N1KV InterCloud, L2, Virtual Private Cloud; Nexus Switching | IOS Routing | Network Services]
  • 16. [Diagram labels: Cisco Cloud Portal; User requests cloud services via end-user portal; Cisco Intelligent Automation for Cloud; Cisco Process Orchestrator; Orchestrator manages workflow across multiple cloud environments; (Integration via Northbound API); VNMC InterCloud (Management Layer); Policy manager, Resource manager, Service registry, VM Manager, Cloud Provider Manager; (Workloads moved via InterCloud); Nexus 1000V (Platform layer); Private Cloud; Public Cloud; VMs; N1KV Switching; Firewall, Routing; Crypto; Secure; Tenant B]
  • 17. • Network Transparency • Secure Tunnel and Network Overlay • Customer Control • Multi-Platform (Cloud, Hypervisor, Switch) • Consistent L4-7 Network Services • Single Management Interface • Workload Mobility • Secured Multi-Tenant Environment [Diagram labels: Tenant B Virtual Private Cloud, Enterprise Data Center, Public Cloud]
  • 18. • Seasonal Capacity, Events • Supplement/Geo-Specific Capacity • Upgrade and Migration • Disaster Recovery [Diagram labels: Tenant B Virtual Private Cloud; Nexus 1000V Switching; Firewall, Routing]
  • 19. • Build InterCloud Environment: Construct InterCloud environment, install and configure solution components • VM Operation: Manage the day-to-day operation activities • Service Monitoring: Monitor service availability and alert on service degradation • System Management: Single place of operation supporting enterprise management standards • Management Integration: Integrate with Cisco and 3rd party management systems [Diagram labels: Tenant B Virtual Private Cloud, Enterprise Data Center, Public Cloud]
  • 20. Comparison to a Physical Switch [Diagram labels: Modular Switch; Supervisor-1, Supervisor-2; Linecard-1, Linecard-2, … Linecard-N; BackPlane; Server 1, Server 2, Server 3]
  • 21. Moving to a Virtual Environment [Diagram labels: ESX hosts; Modular Switch; Supervisor-1, Supervisor-2; Linecard-1, Linecard-2, … Linecard-N; BackPlane]
  • 22. Linecards: Virtual Ethernet Modules (VEMs) • VSM: Virtual Supervisor Module • VEM: Virtual Ethernet Module • Server Virtualization Events Awareness • L2 Advanced Switching (PortChannel, QOS, Security, Monitoring) [Diagram labels: Hypervisors; Modular Switch; Supervisor-1, Supervisor-2; Linecard-1, Linecard-2, … Linecard-N; BackPlane; VEM-1, VEM-2, … VEM-N]
  • 23. Supervisors: Virtual Supervisor Modules (VSMs) • VSM: Virtual Supervisor Module • VEMs Controller • Single Interface for Configuration [Diagram labels: Hypervisors; Modular Switch; Supervisor-1, Supervisor-2; Linecard-1, Linecard-2, … Linecard-N; BackPlane; VSM1, VSM2 (Virtual Appliance); VEM-1, VEM-2, … VEM-N; L2 Mode, L3 Mode]
  • 24. vPath – Virtual Service Datapath • vPath – Virtual Service Datapath • VSG – Virtual Security Gateway for N1K • ASA 1000V – Virtual Edge Firewall • vWAAS – Virtual WAAS • vPath – Traffic Steering – Flexible Deployments – Network Service Acceleration [Diagram labels: Virtual Appliance, VSM; VEM-1 vPath, VEM-2 vPath; L2 Mode, L3 Mode; Hypervisors; vWAAS, VSG]
  • 26. • VM-to-VM traffic • Control inter-VM traffic • Address new blind spot • Enable Dynamic Provisioning • Mobility Transparent Enforcement • VLAN-agnostic Operation • Policy based • Administrative Segregation (Server • Network • Security) [Diagram labels: four App/OS virtual machines; VM-to-VM traffic]
  • 27. • Traditional Service Nodes: Redirect VM traffic via VLANs to external (physical) firewall • Virtual Service Nodes: Apply hypervisor-based virtual network services [Diagram labels: Hypervisor; Virtual Contexts; VLANs; App Server, Database Server, Web Server; VSN]
  • 28. Virtual Security Gateway (VSG): Virtual Firewall for Nexus 1000V • Context aware Security: VM context aware rules • Zone based Controls: Establish zones of trust • Dynamic, Agile: Policies follow vMotion • Best-in-class Architecture: Efficient, Fast, Scale-out SW • Non-Disruptive Operations: Security team manages security • Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy • Designed for Automation: XML API, security profiles [Diagram labels: Virtual Network Management Center (VNMC)]
  • 29. Apply Security at Multiple Levels • Specify intra-tenant zoning policy with the appropriate deployment granularity – Tenant-level, VDC-level, vApp-level [Diagram labels: Tenant A, Tenant B; VDC; vApp; vSphere; Nexus 1000V; vPath; Virtual Network Management Center (VNMC)]
  • 31. Cisco® ASA 1000V Cloud Firewall: Secures the tenant edge in virtualized multi-tenant private and public clouds
  • 32. End-to-End Security for Hybrid Infrastructure • Physical: Physical Appliances and Modules – Cisco Multi-Scale™ data center-class Cisco® ASA devices – Cisco ASA 5585-X – Cisco Catalyst® 6500 Series ASA Services Module – Scalable in-line performance – Data center-edge security policies – Flexible deployment options • Virtual and Cloud: Cloud Firewall – Enhanced cloud security – Cisco VSG – Cisco ASA 1000V Cloud Firewall – Proven firewall to secure your cloud – Policies specific to the tenant edge to the virtual machine – Automated, policy-based provisioning
  • 33. Solution Features and Capabilities • Built using Cisco® ASA infrastructure • Interoperability with Cisco VSG through service chaining • VXLAN gateway • Multi-tenant management through Cisco VNMC • IPsec VPN (site to site) • NAT • DHCP • Default gateway • Static routing • Stateful inspection • IP audit
  • 35. 1. Velocity: • Prime Network Controller is a network service deployment product for cloud and virtualized environments • Already used by more than 400 customers; proven enterprise scalability • Real momentum and some big ambitions: expecting a few thousand Prime Network Controller customers in the next 24 months 2. Value: • Feature-rich and integral to major Cisco initiatives: e.g. Vinci, InterCloud, ONE • Integration with Cisco Intelligent Automation for Cloud and Cloupia (and third-party management tools) 3. Control: • Prime Network Controller is the primary network control point for many cloud management platforms for enterprises and service providers • One network controller that covers virtual network services and L2/L3
  • 36. 4. Commitment: • Cisco is aligning product roadmaps and cloud management strategy 5. Legitimacy: • Full participant in the Cisco ONE strategy (for Software-Defined Networking) • Building integration with onePK • Role as a controller in the overlay network • Built from the ground up with partnerships in mind 6. Extensible
  • 37. • Hybrid cloud management platform via cloud plug-ins • Multi-vendor, multi-platform support via SDKs • Native hypervisor extension points • Integration point to Cisco and 3rd party orchestration and management systems [Diagram labels: Prime Network Controller; Cloud Plug-In (jclouds); Cloud Providers; Virtual and Physical Services; Hypervisors; Automation & Orchestration; External SDK; Embedded FW (PA); Extension & Packaging; Rest NBI; ESB (JMS)]
  • 39. Compute + Network + Storage + Management = Full stack delivery • Consistency between physical and virtual infrastructure that spans across a hybrid cloud environment – Consistent policies – Consistent applications – Consistent environment • Crypto-level security for workload mobility and transportation in a hybrid cloud • End-to-End Network Hybrid Cloud Ecosystem via Northbound API (End-User Portal, Orchestration Engine, Workload Migration)
  • 40. Thank you.
  • 42. Cisco.com and Cisco Support Community • Cisco Prime Network Controller: NEW ADDRESS • Cisco® ASA 1000V: www.cisco.com/go/asa • Cisco Nexus® 1000V: www.cisco.com/go/1000v • Cisco VSG: www.cisco.com/go/vsg • Cisco CSR 1000V: www.cisco.com/go/csr1000v • Extensive training materials and VODs on various VNMC topics are available at the Cisco Support Community: https://supportforums.cisco.com
  • 43. Hands-on labs available for VNMC, Cisco® ASA 1000V, Cisco VSG, and Cisco Nexus® 1000V in Cisco Cloud Lab • https://cloudlab.cisco.com • Open to all Cisco employees • Customers and partners require sponsorship from account team for access using Cisco.com login ID