Cloud = Application Enablement + Innovation ≠ IaaS
Ken Owens, CTO, Cisco Cloud Services
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cloud = Application Enablement and Innovation ≠ IaaS (Cloud Foundry Summit 2014)

Keynote delivered by Ken Owens, CTO, Cloud Services at Cisco.

This presentation dives into the integration specification of IaaS platforms with PaaS platforms by discussing the architecture of: multi-tenant services; HA service architecture that is interoperable across multiple cloud solutions; middleware stack including message bus; data storage and access; data analytics; deployment management (multi-vendor); asynchronous processing capabilities; flexible security framework, i.e. integration into SecSDLC; data protection; SOA support; and a common management architecture (console, log, metering, monitoring, performance).

  • North Korea has one known block of 1,024 IPv4 addresses: 175.45.176.0 – 175.45.179.255. But they also have 254 China Netcom addresses: 210.52.109.0 – 210.52.109.255

    1. Cloud = Application Enablement + Innovation ≠ IaaS
       Ken Owens, CTO, Cisco Cloud Services
    2. Cloud ≠ IaaS
       • Complexity
       • Commodity
       • Focus
    3. Why Compromise?
       • Would you fly in this?
       • Scale
       • Reliability
       • Security
    4. Platform for Enablement & Agility
       • Leverage ready built components
       • Applications are not VM Templates
       • Configuration Management tools are Complex & Brittle
    5. Cloud = Application Enablement + Innovation
       • Service-oriented architectures and APIs aren’t new ideas
         – Art to building platforms comprised of loosely coupled services
       • It’s all about the Data, Data Virtualization, & Data Mobility
         – Building multi-tiered data architectures that assume scale and unstructured data
       • Data Centers and cloud providers become an interconnected and federated platform of deployable services and containers that are distributed and loosely coupled
       • Open-Source is mainstream, driving innovation, and is now in its 4th generation of tools to tackle scalability, performance, and diagnostics
       • DevOps is no longer shadow IT, it is the way for application development, integration, and deployment - Period
    6. Cisco Use Cases
    7. Guiding Principles
       • Open standard foundational cloud platform
       • Services building blocks at all layers of the stack to enable developers
       • Everything available “as a Service” through both APIs and UI
       • Single platform across all Data Centers
         – Continuous deployment model
         – Any app deployable to any DC globally
    8. Collaboration
       • All Development on OpenStack, Cloud Foundry, and OpenShift
       • Model
         – Application Independent
         – Application Integrated
         – Application Containerized
       • Cloud Foundry
         – Abstracting application deployment, health checking, application routing, and monitoring
         – Partnerships and Ecosystem are key to enabling innovation
         – Flexibility
           • Test, try, fail, pivot
       • BOSH
         – Does not work in all providers
         – CF is just another app
    9. ACI - Group-Based Policy Across OpenStack
       [Diagram labels: Compute, Networking, Storage, Dashboard, Automation; Neutron; Group-Based Policy Model Extensions; any existing network plugin; ACI Fabric; Group Policy Model; Subgroup Members]
    10. Verifying the Domain in Real Time
       • Small consistency applications to verify status and values of specific objects
       • Built on OpenDaylight MD-SAL
       • Object change invoked → NOT polling based
       • Can cover multiple types of misconfiguration
         – CLI/programmatic errors
         – Multiple controllers thrashing on a shared object
       • Can support customer specific consistency rules
       [Diagram labels: Controller, Datastore, Rules Engine, Mount Client, Mount Server, Network Element 2; Domain Policy: No Private Subnets; Network ACL: Deny 10.0.0.0/8; NE 1 Running Config and NE 2 Running Config with ACL entries Deny 10.0.0.0/8 and Allow 10.1.0.0/16 (Mounted); "Change made here"]
       © 2014 Cisco - Cisco INTERNAL only – All Rights Reserved
    11. Automated Domain Reconciliation in Real Time
       • Which rule has precedence?
       • With a Rules Engine, the self repair is possible.
       • Open Source Rules Engines & Tools can be applied for Domain or Device
         – Existing DevOps Applicable from Web 3.0
       [Diagram labels: Controller, Datastore, Rules Engine, Mount Client, Mount Server, Network Element 2; Domain Policy: No Private Subnets; Network ACL; NE 1 Running Config and NE 2 Running Config with ACL entries Deny 10.0.0.0/8 and Allow 10.1.0.0/16 (Mounted)]
    12. Verifying & Reconciling Network Elements in Real Time
       • Auto-discovery of link, group, or area misconfigurations. No controller necessary.
       • Options
         – Automated error correction
         – Automated change propagation
         – Custom resolution
       [Diagram labels: Network Element 1, Network Element 2, Rules Engine, Datastore; NE 1 Running Config and NE 2 Running Config; Ethernet 1, Ethernet 2; Frame Size 1500, Jumbo; "CLI Change made"]
    13. Interplay of Centralized and Distributed Conflict Resolution Logic
       • Device logic can mediate between controllers with conflicting Intent
       • Pushing the reconciliation to the right place
       • Overlapping controller domains will need reconciliation logic
       [Diagram labels: Data Center Policy Domain (Data Center Controller, Datastore, Domain Rules Engine; Network Wide Rules: Allow from China Netcom; Asserted Config: Allow 210.51.0.0/16); SP WAN Policy Domain (SP WAN Controller, Datastore, Domain Rules Engine; Network Wide Rules: Drop any North Korean traffic in South Korea; Asserted Config: Deny 210.51.109.0/24); Network Element (South Korea) with Device Rules Engine, Asserted Config and Running Config; entries shown: Allow 210.51.0.0/16, Allow 210.52.0.0/16, Deny 210.51.109.0/24, Deny 210.52.190.0/24]
    14. Interplay of Centralized and Distributed Conflict Resolution Logic
       • All Intents may be met automatically even when some config fails
       • Domain logic can react to Device logic, finding alternative ways to meet intent
       • Zero Touch Reconciliation
       [Diagram labels: Data Center Policy Domain (Data Center Controller, Datastore, Domain Rules Engine; Network Wide Rules: Allow from China Netcom); SP WAN Policy Domain (SP WAN Controller, Datastore, Domain Rules Engine; Network Wide Rules: Drop any North Korean traffic in South Korea); Network Element (South Korea) and Network Element (USA), each with Device Rules Engine, Asserted Config and Running Config; entries shown: Allow 210.51.0.0/16, Allow 210.52.0.0/16, Deny 210.51.109.0/24, Deny 210.52.190.0/24, Deny 210.51.0.0/16]
    15. Thank you.
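
The change-triggered consistency check and self repair described on slides 10 and 11, as an added Python example that is not code from the presentation or from OpenDaylight. The `Datastore` class, the listener functions and the rule that domain policy overrides a device-level allow are assumptions made for illustration.

```python
import ipaddress

class Datastore:
    """Hypothetical in-memory ACL store; calls its listeners on every write (no polling)."""
    def __init__(self, name):
        self.name = name
        self.acl = []        # ordered (action, ip_network) entries
        self.listeners = []

    def write(self, action, cidr):
        self.acl.append((action, ipaddress.ip_network(cidr)))
        for listener in self.listeners:
            listener(self)   # the object change itself triggers the check

def violations(acl, domain_denies):
    """Return allow entries that overlap a prefix the domain policy denies."""
    return [(action, net) for action, net in acl
            if action == "allow" and any(net.overlaps(d) for d in domain_denies)]

def make_reconciler(domain_denies, log):
    """Build a listener that repairs a store and records each repair in log.

    Assumption: domain policy takes precedence over a device-level allow.
    """
    def on_change(store):
        for entry in violations(store.acl, domain_denies):
            store.acl.remove(entry)
            log.append((store.name, "removed", str(entry[1])))
        for deny in domain_denies:   # re-assert the domain rule if missing
            if ("deny", deny) not in store.acl:
                store.acl.insert(0, ("deny", deny))
    return on_change

def demo():
    # Constructed sample: the slide's "No Private Subnets" policy, shown there
    # as Deny 10.0.0.0/8, and a conflicting Allow 10.1.0.0/16 on one element.
    domain_denies = [ipaddress.ip_network("10.0.0.0/8")]
    log = []
    ne1 = Datastore("NE1")
    ne1.listeners.append(make_reconciler(domain_denies, log))
    ne1.write("deny", "10.0.0.0/8")
    ne1.write("allow", "10.1.0.0/16")    # the misconfiguration
    ne1.write("allow", "192.0.2.0/24")   # unrelated entry, must survive
    return [(a, str(n)) for a, n in ne1.acl], log

if __name__ == "__main__":
    print(demo())
```

The repair log gives an audit trail of every entry the rules engine removed, which is what an operator needs in order to trace the CLI or programmatic error that introduced it.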