Inside Cisco IT: Secure and Simplified Cloud Services with ACI


The Cloud is one of the fastest growing solutions today, and the significance of the secure multi-tenant data center for business applications is increasing. Cisco IT is building an Application Centric Infrastructure (ACI) for Cloud Computing. An ACI environment requires a holistic approach to managing and orchestrating network, server, storage and application resources within a data center and across multiple data centers. This enables Cisco IT to deliver a secure programmable infrastructure that anticipates application requirements and, through policies, delivers Software as a Service offerings to Cisco Business Units. Cisco IT has been a fundamental driver in building and adapting the suite of management tools needed today to orchestrate data center infrastructure and platforms to deliver business services.

Attendees will learn how Cisco IT is designing next-generation application-aware solutions and the new policy models required for this journey. Cisco IT is migrating all traditional applications to a radically simplified compute platform and programmable network. Application Centric Infrastructure will significantly reduce network complexity and improve security, while reducing application deployment cycles. Cisco IT has aggressively deployed an internal private cloud with the goal of offering all IT services as self-service. Attendees will understand the TCO Cisco IT has achieved building Application Centric Infrastructure along with our existing UCS compute platform. Additionally, we will share the experience and lessons learned from our journey transforming applications and platforms to an infrastructure-aware architecture.

Session highlights include:
• Cisco IT’s adoption of Application Centric Infrastructure (ACI)
• Application Centric Infrastructure Design
• Nexus 9000
• Unified Compute System
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Improved Application Security
• Reducing data center and network operating costs
• Driving higher utilization of existing servers
• Organizational Alignment
• Application transformation

Published in: Technology, News & Politics

  1. Inside Cisco IT: Secure and Simplified Cloud Services with ACI COCACI-2000
  2. © 2014 Cisco and/or its affiliates. All rights reserved. COCACI-2000 Cisco Public Agenda • ACI Technology Overview • Cisco IT’s Data Centers • Cisco IT’s ACI DC Architecture • Cisco IT’s Cloud and ACI • Light Weight Applications • Cisco IT’s Cloud Vision
  3. ACI Technology
  4. Application Centric Infrastructure ACI Vision: Rapid deployment of applications onto networks with Scale, Security and Full Visibility • OPEN RESTFUL APIS • CENTRALIZED POLICY MODEL • OPEN SOURCE CONTROLLER POLICY MODEL NEXUS 9500 and 9300 ACI Building Blocks
  5. Central Controller Northbound and Southbound • OPEN RESTFUL APIS • CENTRALIZED POLICY MODEL • OPEN SOURCE Southbound Northbound vCenter VMware CIAC Easier Configuration Visibility Troubleshooting Integration - Compute controllers - Cloud orchestration systems (automation) APIC
  6. Central Controller Northbound and Southbound • OPEN RESTFUL APIS • CENTRALIZED POLICY MODEL • OPEN SOURCE Southbound Northbound vCenter VMware CIAC APIC OPFLEX SOFTWARE POLICY EXTENSIONS INSIDE + OUTSIDE OF THE DC
  7. Tenant EPG DB EPG APP EPG WEB What’s an Application Profile? External Network End Points End Points End Points QoS Filter QoS Service FW/SLB Filter QoS Service SLB Filter Contract Service Graph Application Profile
  8. Network Enhancements less planned and unplanned application downtime Network Enhancements 40 Gig (100 Gig Future) Network Virtualization (VXLAN) L2 enhancements L3 only No Flooding ZTD True traffic load balancing (Flowlets)
  9. Fabric (ACI) No change Migration from Standalone to Fabric Mode is possible Standalone No change Code adjustments Topology Forwarding Enhancements Change Change Data Model Policy Model Topology Forwarding (Enhancements) Major Change Standalone Mode ‘devices’ controlled separately Mode Fabric Mode Central Controller Mode ACI (Application Centric Infrastructure) Common Hardware 40 Gig (100 Gig future) 93xx 9504 9508 Nexus: 9516 Nexus 9000 product line
  10. Cisco IT’s Data Centers
  11. Global Data Centers A B Tier-III (Redundant) Tier-II (Less Redundant) 2x Texas BB 1x Amsterdam 1x Singapore B B Globally Centralized: Business Apps Continental Hub: Order Processing, Comms Continental Hub: Communications Cloud Services available Private Cloud, self-service capabilities: IaaS / PaaS B B B B Latency-Sensitive Software Development
  12. Cisco IT’s ACI Data Center Architecture
  13. ACI Topology View Flexible Topology Virtual Boundaries Physical and Virtual Services Highly Converged Infrastructure Easier to Manage VXLAN Leaf to Hypervisor
  14. New Virtual Compute Design VMware only traditional virtual compute design N1KV Domain-1 Physical Leaf pair-1 Physical Leaf pair-2 Physical Leaf pair-3 Physical Leaf pair-4 Logical Pod-2 Logical Pod-3 Logical Pod-4 Logical Pod-1 vCenter Domain-1 vCenter Domain-2 vCenter Domain-3 vCenter Domain-4 N1KV Domain-2 N1KV Domain-3 N1KV Domain-4 virtual compute design on ACI VMM Domain VMotion VMotion VMotion VMotion
  15. Mapping of existing network aspects & applications to ACI Model Contracts Bridge Domain Context (VRFs) ACI Subnet(s) IP to IP Communication Tenant(s) ANP(s) EPG(s) Fabric External EPG(s) EPG(s) SLB and FW config Context (VRFs) Current DC Network Subnet ACLs (Permitted / Denied flows) Service Graphs Filters / Labels / Bundles / Interfaces Inner ANP Contract Inner Tenant, Inter ANP Contract Inter Tenant Contract Fabric External Contract Flexible building blocks Grouping Separation Security / Contract Management Framework ANP(s)
  16. Tenant Common Tenant 3 Tenant 2 Tenant 1 Cisco IT ACI Architecture: Logical View (networking elements) EPG to BD to Subnets to VRFs to External EPG-12 EPG-11 EPG-13 EPG-22 EPG-21 EPG-23 EPG-32 EPG-31 EPG-33 VRF-dmz VRF-Int EPG-Corp EPG-Other-DC 1.1.1.0/24 2.2.2.0/24 3.3.3.0/24 BD-Ext-2 BD-Ext-1 9396 9396 DC Core (External) DC Core (Internal) Internet 5.5.5.0/24 BD-int-2 4.4.4.0/24 BD-int-1 EPG-DMZ EPG-Internet
  17. Tenant Common Tenant 3 Tenant 2 Tenant 1 EPG-11 EPG-13 EPG-21 EPG-23 EPG-31 EPG-33 Internet InfraServices EPG-NTP EPG-DNS EPG-Monitoring EPG-… EPG-12 EPG-22 EPG-32 Cisco IT ACI Architecture: Security to Infrastructure Services EPGs and Contracts EPG-Corp EPG-Internet DC Core (External) DC Core (Internal)
  18. Tenant Common Tenant 3 Tenant 2 Tenant 1 EPG-11 EPG-13 EPG-21 EPG-23 EPG-31 EPG-33 Internet APPMWServices EPG-OAM EPG-LDAP EPG-OCM EPG-… EPG-12 EPG-22 EPG-32 Cisco IT ACI Architecture: Security to Application Middleware Services EPGs and Contracts EPG-Corp EPG-Internet DC Core (External) DC Core (Internal)
  19. Tenant Common Tenant 3 Tenant 2 Tenant 1 EPG-11 EPG-13 EPG-21 EPG-23 EPG-31 EPG-33 EPG-Corp DC Core (External) DC Core (Internal) Internet EPG-Internet EPG-12 EPG-22 EPG-32 Cisco IT ACI Architecture: Security to outside the ACI Fabric EPGs and Contracts
  20. Tenant Common Tenant 3 Tenant 2 Tenant 1 EPG-11 EPG-13 EPG-21 EPG-23 EPG-31 EPG-33 Internet FW SLB SLB FW SLB FW EPG-12 EPG-22 EPG-32 Cisco IT ACI Architecture: Client level Security and Services EPGs and Contracts and Services (SLB, FW) EPG-Corp EPG-Internet DC Core (External) DC Core (Internal)
  21. Cisco IT: ACI and Automation (Cloud)
  22. Delivering Infrastructure for Applications and what can we automate? Physical Build in the DC • Racking • Stacking • Patching Basic configuration of DC Infrastructure Client/App specifics ACI for network items ACI for network and network security items ACI & Automation Application Code Specifics Foundational Aspects • UCS • Switches • Storage • SLB • FW Functional Aspects (IaaS / PaaS) • xVMs • CPU/Mem per VM/BM • Storage per VM/BM • SLB setup • FW setup • OS • Apache/Oracle … basic code Build Handover to APP teams 1 2 3 4 High Integrity Automation Systems Reduction of extensive (change management) processes
  23. The Future: Private Cloud model We all want an End-to-End Programmable Infrastructure Block Storage Compute IP File / IP Block / IP Object Storage vCenter Controllers Resource Managers Orchestration (Cloud) CIAC ASA Client Security Admin Compute Network Storage Admins PaaS Resources Prime Eman Infra Portal eACLm Network Integrated Security Application Code Portal Application/Data Policy Network Security Policy
  24. ACI Program – Quarterly Objectives: FY15 FY14Q3 FY14Q4 FY15Q1 FY15Q2 FY15Q3 FY15Q4 1 2 3 4 5 6 SJC-K Engineering DC on N9K (standalone) ACI Design and ACI Automation (finalization) FY15: +/- 4000 VMs on ACI All workloads on ACI: migration of 2-3 years Migrate SJC-K to Fabric Cisco IT Private Cloud on ACI RTP1 DC Cisco IT Private Cloud on ACI Allen DC RTP1: Traditional Application Migration (non-prod) Allen & RCDN9: Traditional Application Migration to ACI (production apps wave 1) Allen & RCDN9: production apps wave 2
  25. Cisco IT: CITEIS and ACI
  26. Client #3 (requires IaaS services only) “Give me the VMs and Storage and I’ll manage everything above the OS to build my application” Clients order higher order services, e.g. app. development stack, databases, etc. These internally use infrastructure APIs to provision compute/storage/network. Client #2 (requires IaaS & PaaS services) “My needs are mixed. I’ll take all the goodies I can get, and build the ones that I can’t” Client #1 (requires PaaS services only) “Give me all the standard goodies, and leave me just to manage my application” Same as use case #1 Same as use case #3 “builder” of SaaS services What do the clients want from the infrastructure providers?
  27. Traditional Network Continuous Delivery Lightweight App. Containers API enabled Standard IaaS Application Centric Infra. (ACI) Dedicated Platforms LAE ACI Fabric Mobile Workload Order Mgmt Pricing Waterfall / Agile Development Stationary Applications Application Centric Cloud Policy Control Unified Infrastructure Scalability APIs Intercloud Adaptive Scaling Feature Rich DevOps Open source Quality Releases Distributed Services Cloud Scale
  28. Cisco IT: Light Weight Applications
  29. What What Why Lightweight Application Environment (LAE)?
  30. Continuous Delivery Development + Quality End to End Workflow TBD Client Involvement Viable Product Cloud, ERP, and Mobile Application Development Prioritized Sprint Commit & Push Code Review, Merge Static / Dynamic, Progression / Regression Unit / Integration, Functional / Performance / Security Build, Test, Report On-demand, Scheduled Product Mgr. Scrum Master Developers Plan Develop Source Control Management Continuous Build Deploy & Release Adapt & Scale Automated Testing Group components Application Snapshot Group Applications Release Control Gates Development Staging Production Deployable Artifact
  31. Cisco IT: Cloud Vision
  32. Self-Optimizing Cloud Policy based on observed norms
  33. CISCO IT DEMO: Emerging Cloud Capabilities – ACI, OpenStack World of Solutions, Booth #735 Today 2:30pm – 2:50pm Join Us! We will demonstrate a few of the emerging cloud capabilities enabled for Cisco IT Elastic Infrastructure Services (CITEIS) using technologies like ACI, OpenStack and OpenShift. We will describe how application policy controls and programmable infrastructure can enable elasticity, agility and continuous delivery of business capabilities.
  34. Complete Your Online Session Evaluation • Give us your feedback and you could win fabulous prizes. Winners announced daily. • Complete your session evaluation through the Cisco Live mobile app or visit one of the interactive kiosks located throughout the convention center. Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
  35. Continue Your Education • Demos in the Cisco Campus • Walk-in Self-Paced Labs • Table Topics • Meet the Engineer 1:1 meetings
  36. Thank you.
