Managing Network Services in the Cloud

Published in: Technology, Education

  • This diagram depicts the key elements, from a management standpoint, that are required for IT-as-a-Service, regardless of the business applications and IT services delivered – whether it’s a dev and test environment for your SAP applications team or a production environment for Oracle database hosting. This framework is similar to the architecture for private cloud recommended by analyst firms like Gartner and Forrester. We’re not trying to replicate all of the existing IT management systems (like your existing service desk / ticketing systems and CMDB) that you use to run your legacy data center environments. Instead, this diagram represents the new capabilities necessary for IT-as-a-Service; the mandatory requirements for this new approach include a self-service portal and orchestration, together with policy-based infrastructure resource management.

    At the top level of the diagram you have the self-service portal, with on-demand provisioning from a catalog of standardized IT options, governance and approvals, as well as tracking the lifecycle of service usage to prevent sprawl and to enable chargeback or showback. This portal can provide users with a unified online “menu” of options for requesting IT services, whether the infrastructure resources are hosted in your own data centers or potentially sourced externally in a hybrid cloud model.

    From an automation and integration standpoint, you need to combine the portal with an orchestration engine that can provision the requested service and the underlying infrastructure – with policy-based infrastructure resource management and controls across a shared pool of compute, storage, and network resources, whether physical or virtual.

    And finally, although IT-as-a-Service demands a new approach, it must complement your legacy systems and management tools. So this new management approach needs to integrate with the existing IT environment for operational processes including monitoring and service assurance, configuration management and a CMDB, as well as business processes like user management in your directory systems and financial management – whether you start with a showback model or evolve to pay-per-use billing and chargeback.
  • Managing Network Services in the Cloud

    1. Cisco Virtual Network Management Center (VNMC): Device and Policy Management of Cisco Network Virtual Services. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
    2. • Problem Statement and Vision
        • N1K, VSG, ASA1000V Overview
        • VNMC Benefits and Differentiators
        • Resources
    3. 1. VMware vMotion moves virtual machines across physical ports, and the network policy must follow this migration (across racks, pods, and data centers)
       2. Administrators must view or apply network and security policy to locally switched traffic
       3. Administrators need to maintain segregation of duties while helping ensure nondisruptive Port Group operations
       4. Organizations need a VLAN-agnostic solution to decrease complexity and enhance scalability
       [Diagram labels: Security Administration, Server Administration, Network Administration]
    4. IT-as-a-Service Requires a New Management Approach
       [Diagram: layers labeled Business Applications and IT Services; Self-Service Portal and Orchestration (On-Demand Provisioning, Service Governance, Lifecycle Management, Service Catalog); Integration and Automation; Infrastructure Resource Management; Pooled Resources (Compute, Storage, Network), with Operations Support Ecosystem and Business Support Ecosystem panels alongside.]
    5. • Lower TCO by having a single integrated development
        • Common UX and operational flows
        • Common model to enable federated access to Cisco network virtual services in the cloud
        • API-accessible abstraction layer simplifies cloud infrastructure management for customer and partners
        • Part of the N1K architecture, manages the VSG and ASA1000V security products
        • Addressing Enterprise and Provider needs in a self contained multi-tenant environment
    6. • Accelerate virtualization and multi-tenant cloud deployments
        • Integrated into VMware vSphere hypervisor
        • Provides advanced virtual machine switching using .1Q switching technology
        • vPath and VXLAN technologies
        • Built on Cisco NX-OS
        • Provides: policy based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model
       [Diagram labels: VMs, 1000V VEM, vSphere, Server, 1000V VSM, Physical Switches]
    7. Virtual Security Gateway (VSG)
        • Context aware Security: VM context aware rules
        • Zone based Controls: Establish zones of trust
        • Dynamic, Agile: Policies follow vMotion
        • Best-in-class Architecture: Efficient, Fast, Scale-out SW
       Virtual Network Management Center (VNMC)
        • Non-Disruptive Operations: Security team manages security
        • Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy
        • Designed for Automation: XML API, security profiles
    8. • Built using Cisco® ASA infrastructure
        • Interoperability with Cisco VSG through service chaining
        • VXLAN gateway
        • Multi-tenant management through Cisco VNMC
       Features listed alongside: IPsec VPN (site to site), NAT, DHCP, Default gateway, Static routing, Stateful inspection, IP audit
    9. • Proven Cisco® security: virtualized physical and virtual consistency
        • Collaborative security model
            – Cisco Virtual Secure Gateway (VSG) for intra-tenant secure zones
            – Cisco ASA 1000V for tenant edge controls
        • Transparent integration
            – With Cisco Nexus® 1000V Switch and Cisco vPath
        • Scale flexibility to meet cloud demand
            – Multi-instance deployment for scale-out deployment across the data center
       [Diagram labels: Cisco® Virtual Network Management Center (VNMC), Tenant A, Tenant B, VDC, vApp, Cisco VSG, Cisco ASA 1000V, Cisco vPath, Cisco Nexus® 1000V, Hypervisor]
    10. • Multi-Tenant: Different customers and different needs
        • Security Profiles: Simple, policy-based security configuration
        • Stateless XML API: Ready for third-party integration
        • Role-Based Access Controls: Different users and different privileges
        • Cisco Nexus® 1000V and VMware vCenter: Port profiles refer to security profiles
        • Dynamic Provisioning: One-stop configuration of network and security
        • Custom created to manage virtualization-specific workflows
        [Diagram labels: Scalable, Expandable, Partitionable, Integrated, Automated]
    11. • Single tenant can have up to three organizational sublevels
        • Each sublevel can have multiple organizations
        • Overlapping network addresses across tenants are supported
        [Diagram: organization hierarchy with columns Tenant Level, vDC Level, vApp Level, Tier Level; nodes Root, Tenant A, Tenant B, DC 1, DC 2, DC 3, App 1, App 2, Tier 1, Tier 2, Tier 3]
    12. Cisco® VNMC Administrator Roles; Tenant-Level Access
    13. [Network diagram labels: 192.168.200.20; Tradeshow; Outside; SYN Floods; 172.25.108.0; Client; TenantA; Outside: 192.168.200.15; NAT IP: 192.168.200.11; ASA 1000V; Static NAT; Inside: 192.168.100.15; 192.168.100.0; Web Server; VSG; Win 7 Client; Db Server; host octets .87, .20, .10, .11, .12, .86, .75]
    15. Cisco.com
        • Cisco VNMC: www.cisco.com/go/vnmc
        • Cisco® ASA 1000V: www.cisco.com/go/asa
        • Cisco Nexus® 1000V: www.cisco.com/go/1000v
        • Cisco VSG: www.cisco.com/go/vsg
        Cisco Support Community
        • Extensive training materials and VODs on various VNMC topics are available at the Cisco Support Community: https://supportforums.cisco.com
    16. Thank you.
