Annual Top Gun: CIAC
Annual Top Gun: CIAC - Cisco Intelligent Automation for Cloud

  • Key messages: When an account is new to cloud computing, it is best to set the expectation that automation occurs in steps. Step #1: automate infrastructure. Designed for IT operations/administrators, it delivers IT efficiency and reduced capex and opex costs. Customer benefits: delivers consistency; infrastructure instances are stood up right the first time, every time.
  • Building a cloud is all about aligning a number of layers, varying from hardware to software to business practices, processes and procedures. At the lowest level lies the infrastructure, be it physical or virtual. The next layer up consists of the tools that manage the infrastructure, usually referred to as element or domain managers (such as VMware vSphere or OpenStack). Next we need a layer that provides automation and orchestration of the various functions that support the dynamic and elastic nature of a cloud. The fourth and final layer is that of the services offered to cloud consumers, whether their role is technical or business related. IAC is a solution that utilizes physical and virtual resources, interfacing with infrastructure management systems to facilitate the orchestration and automation of cloud-related services.
  • Cisco has a history of providing customers with a flexible and adaptable portal that enables customers to tailor it to their specific needs. We have a number of very deep plays that span IT, network and cloud computing services that enable organizations to create a shopping center experience through tenant anchors. Customers do not see PaaS or IaaS separately; they see them as solutions, and it is important to deliver them as the customer perceives them.
  • Brings automation discipline and structure to the creation and consumption of multi-tier application stacks. Creates application blueprints, replacing 1000s of golden templates. Uses embedded Puppet or Chef, or home-grown scripts. Follows the development cycle: create, test, modify, review, publish.
  • TOSCA: Topology & Orchestration Specification for Cloud Applications. GUI-based configuration of complete application stacks. TOSCA-based. Graphically describes interoperability of all application stack components. Puppet or Chef codelets behind GUI icons.
  • Address key topics (limit to 3-4 components) in some detail. (What are commonly problematic areas and how our product addresses these) (Address customer’s requirements)
  • Company background and position in market (sales pitch)
  • This shows you the CIAC software stack. The dark blue boxes are the ones that come with the bundle. From the top of the diagram, our portal component is called Cisco Cloud Portal. It was very well known as NewScale before it was acquired by Cisco. The orchestration and automation component is Cisco Process Orchestrator, which was previously known as Tidal Enterprise Orchestrator. The Integration Framework is basically a set of adapters and workflows that provision the infrastructure through a set of “element managers” such as UCS Manager, VMware vCenter, storage controllers, or Network Service Manager. Cisco Intelligent Automation for Cloud comes with prebuilt content that captures the best practices we have learned from our expertise and experience in deploying clouds; we package it and bundle it into our solution so customers don’t need to figure everything out themselves. We have done the homework for you and ship it. Things on the right are integrations that either pre-exist or that we build on the customer’s site, such as LDAP, AD, CMDB, or chargeback if they have an existing infrastructure-as-a-service system.
  • UCS: IAC supports deployments with and without UCS. It supports deployments with or without Server Provisioner. 4.0 does support C-Series servers. IAC 4.0 does interface directly with UCSM for management of B- and C-Series blades/servers. IAC 4.0 will not interface with UCS Central. IAC 4.0 may use UCS Director to orchestrate UCS systems when UCS Director is both present (registered) and assigned as the cloud platform to orchestrate a given Compute POD. Changed in 4.0: each Data Center in vCenter represents resources from only one POD (one-to-one association between Data Center and POD).
  • Address key topics (limit to 3-4 components) in some detail. (What are commonly problematic areas and how our product addresses these) (Address customer’s requirements)
  • A Tenant in IAC represents an enterprise, a corporation, a company. Each tenant will probably consist of multiple organizations, each representing a different business function within the company, such as Finance or Engineering. A Tenant may create multiple organizations. The tenant decides whether its organizations will consume from a pool of shared or dedicated resources. These are represented in IAC as Virtual Data Centers. Each tenant organization can request multiple VDCs.
  • VMDC VSA 1.0 uses virtualized routing and service components in the compute layer to build tenant Virtual Data Centers (vDC) in the cloud. VSA uses the Cisco Cloud Services Router (CSR) 1000V as a Virtual Customer Edge (vCE) router in the cloud vDC. The CSR 1000V connects to an upstream ASR 9000 WAN router. The CSR 1000V provides additional services, such as perimeter firewall and VPN, to the cloud tenants. Other virtual nodes, such as the Cisco Virtual Service Gateway (VSG) and Citrix NetScaler VPX, provide compute firewall and Server Load Balancing (SLB) services.
  • N1kv for KVM available in December
  • Relationships and references. If A points to B and B points to C, if you know A, you can get to any property of C. Do other orchestrators do this? If not, we may have a patentable method.
  • Discuss IAC’s UI customization options & branding
  • Product enhancements, innovations, leading edge
  • Demonstrate product architecture
  • Clear segregation between the Web, Application and DB Tiers
  • IAC Management Appliance provides utility functions and is primarily responsible for network discovery. PNSC
  • A functional Microsoft Active Directory domain is required to successfully deploy the Process Orchestrator. All network devices, VMware ESXi servers and VMware vSphere compute infrastructure must have their clocks synchronized. Out-of-sync devices can result in failures such as PNSC-to-VSG or PNSC-to-VSM association failures. In a production install, this could affect accurate billing of orchestrated services. At least one VSM must be set up for each IAC Domain. An IAC Domain consists of a pair of Process Orchestrator and Service Catalog servers that are associated to the same database. On each VSM create three port profiles: the management network, service network and interface facing network. The table lists the 3 primary networks required. At least one PNSC must be set up for each IAC Domain. PNSC is pre-packaged on the IAC Management Appliance as an OVA. On the VSM, assign the “vnmc-policy-agent” to the PNSC created. At least one vCenter datacenter must be configured for orchestration. This datacenter should contain one or more clusters of ESXi hosts, associated with the VSM assigned to this IAC Domain. On the VSM, each ESXi host should display as a module. Each cluster in the datacenter must have vSphere DRS enabled. IAC will create resource pools during the orchestration process. DRS is a requirement for creating resource pools.
  • It is recommended that Service Catalog, Process Orchestrator and Microsoft SQL all reside on different servers for ease of management and upgrade. While it is possible to place two or more of these components on the same Windows Server, doing so is not recommended for performance and scalability reasons. IAC Service Catalog Components: these components include the Rex Adapter, RequestCenter_war.zip, IAC portal pages and catalogs, and hotfixes.
  • Image used for provisioning Cisco Adaptive Security Appliance. Image used for provisioning Cisco Cloud Services Router. Image used for provisioning Cisco Prime Network Services Controller. Image used for provisioning Cisco Virtual Security Gateway. Image used for provisioning NetScaler VPX Load Balancer. Specifies whether IP Address Management will be handled by the Service Portal or by an external IPAM system.
  • Permits the granular definition of approval steps per service request (service name)
  • IAC is also backed up by Cisco’s Solution Accelerator Community, an initiative that enables customers to
  • Load Balancing, Perimeter Firewall, Compute Firewall, Remote Access VPN, Protected FE Zones, Protected BE Zones, L3VPN Access
  • Load Balancing, Perimeter Firewall, Compute Firewall, Remote Access VPN, Protected FE Zones, Protected BE Zones, L3VPN Access

Annual Top Gun: CIAC Presentation Transcript

  • 1. Cisco's Cloud Solutions. Bill Petro, Senior Manager – Cloud Business Development, Cloud and Systems Management Technology Group. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
  • 2. • Introduction ▪ IAC Value for Cloud ▪ Service Catalog ▪ Automated Orchestration • Definitions • Architectural Overview ▪ Network Discovery ▪ User Experience ▪ Integrations • RBAC ▪ Personas ▪ User / Tenant Hierarchy ▪ Product traits • Deployment Topology Diagrams ▪ Integrations • Installation Process ▪ Platform Elements • Features and Functionality ▪ Networking ▪ Tenancy ▪ Components ▪ Pre-Requisites ▪ Installation Wizard ▪ Configurations ▪ Cloud Platforms • Extensibility ▪ Pricing • Conclusion ▪ CloudSync
  • 3. Introduction
  • 4. CAGR 56% 2013-2015 Step Two: Full Cloud: Private, Public, and Hybrid Automate complete solution • Application + Infrastructure across wide range of business services Step One: Infrastructure Automation • Designed for End Users • Consolidate, standardize, virtualize • Delivers organizational speed, flexibility and agility across entire organization • For IT operations/administrators • Delivers: IT efficiency, reduced costs Source: 451Group, Wave 5 Cloud Computing Study/Cloud Evolution, July 2013 IDC, 2013
  • 5. Services; Orchestration and Automation; Infrastructure Management; Physical / Virtual
  • 6. • Self Service Catalog • One stop shop for all your IT service offerings • Automated orchestration • Extensible • Multi-Cloud Hybrid solutions • Multi-Tenant by design
  • 7. • Self Service Catalog • Manage any type of IT service • Standardize and consolidate a wide array of services • Automates delivery processes for data center and workplace services • Flexible and Extensible • Easy-to-use portal and standardized menu of services that provides role-based access to all user types
  • 8. • Standardize, unify, and automate best practices for IT processes • Align Process Orchestration to IT-as-a-Service • Model and event based on IT and business services • Improve business alignment • Agile and adaptable to meet changing business demands • Increase productivity to free up valuable IT resources • Improves runbook management for governance, security, and accountability
  • 9. Cloud Management and Orchestration • Cisco Intelligent Automation for Cloud delivers a self-service portal and orchestration engine to automate provisioning across physical and virtual resources for public, private, or hybrid cloud environments. UNIFIED MANAGEMENT
  • 10. • Enable organizations to deliver a disciplined and structured automation solution to manage cloud environments • Accommodate complex customer's technical and business requirements offering end users a single interface for requesting a comprehensive array of services • Accelerate and expand cloud adoption • Lower cost of operating via Open Source solutions • Standardize and simplify provisioning, configuration, troubleshooting and lifecycle management of your cloud infrastructure
  • 11. • More than 800 out of the box Services and Workflows covering basic and complex IaaS use cases • Over 500 extension points for easy customization • Deploy cloud within existing IT practices, policies and systems • Leverage pre-existing “runbooks”
  • 12. VMDC Certified Solution … ▪ Out of the box support for VSA 1.0 (VMDC 4.0) and Services-enabled VMDC 2.3 Advanced Multi-Tenancy “Out of the Box”… ▪ End to end tenant management Virtual & Physical Networking Tenancy Cloud Platforms Pricing Hybrid Cloud management … ▪ Multi cloud management across UCSD, vCenter, vCloud, AWS and OpenStack Tenant and Provider Business Admin Personas ▪ First class tenant and service pricing models ▪ Tenant Quotas
  • 13. IaaS → PaaS IT as a Service BYOD → VDI → Collaboration Orchestration Converged Infrastructure Management (UCS Director) OpenStack Amazon Puppet / Chef VMware (Billing, Assurance, Resource Management) Intelligent Automation for Cloud 3rd Party Systems Management Service Catalog + Self-Service Portal Multi-Cloud (Virtual) Network Services (Virtual Services Architecture → PNSC → N1Kv, CSR, VSG, vASA, VPX → InterCloud → vNAM)
  • 14. Full Featured Cloud Cisco IAC Self-Service Portal and Service Catalog Self-Service Portal Standardized Menu of IT and non-IT Business Services XML HTML content Orchestration and Automation Secure, Consistent Process Automation Cloud Accelerators “Content cartridges” Integration Framework APIs to integrate with Portal, Catalog and Orchestrator Converged Infrastructure Management Cisco UCS Director FlexPod / ExpressPod Cisco UCS ▪ Nexus Multi-Vendor Compute, Network, Storage, and Virtualization
  • 16. Extending Cloud Catalog Beyond Data Center IT Service Catalog and Self Service Portal Enterprise IT Services Network Services Cloud Computing Services Unified Orchestration & Automation Hosted Collaboration Services BYOD Laptops/ Desktops Smartphone Tablet IP Phones/ Printers VDI Webex Manage Wired/Wireless Network Desktop Software Video – Live & On-Demand Mobile Apps VPN/Security Social Apps Enterprise Apps Other Network Functions Devices, Collaboration, Apps Network Functions IaaS PaaS SaaS Virtual/Bare Metal Application Platforms Hosted Applications Virtual/ Physical Network Pre-built Application Infrastructure Cloud Service Brokerage Integration Multi-Cloud Blueprints Syndicated Applications Infrastructure & Platform Services
  • 17. Cisco Prime Service Catalog
  • 19. Broad Range of Customer Wants Today 2014 Give me the VMs and storage and I’ll manage everything above the OS My needs are mixed. I’ll take all the goodies I can get, and build the ones that I can’t PaaS Services Infrastructure Resources (e.g. VDC, VM, Storage) IaaS Services (some bundled, some not) Give me all the standard goodies, and let me just manage my application Application Middleware (e.g. App server, Web server, Database, …) Infrastructure Resources (not ordered directly by client)
  • 20. http://marketplace.saphana.com/ Cisco IAC Database-as-a-Service
  • 21. Forms: Define, Configure and Publish for Cloud Consumption
  • 22. Replaces Forms with Application Canvas – Spring 2014
  • 23. Some Definitions
  • 24. • Compute POD – is a container of physical resources to host Virtual Data Centers (VDCs) Provides the ability to host running instances of OS images IAC 4.0 provides the ability to automate both the provisioning of physical and virtual OS instances • Supported platforms Cisco UCS Manager Cisco UCS Director OpenStack Cloud Manager VMware vCenter Server VMware vCloud Director Amazon
  • 25. • Network POD Delivers a set of network services to the cloud tenants (customers) Services include: Routing Next Generation Firewall service Security Gateway Load Balancing • Supported device types: Edge Routers Layer 3 Aggregation Switches Layer 3 Service Nodes Layer 2 Access Switches UCS Manager Interconnects Virtual Access Switches
  • 26. • Virtual Data Center (VDC) A logical container for hosting virtualized resources with features like lifecycle management, quota management, policy enforcement and RBAC. All virtualized resources have a one-to-one relationship with a VDC. In essence, VDCs define the limit to which resources may be consumed as servers are provisioned within VDCs • CloudSync An innovative technology that allows IAC to synchronize infrastructure resources with IAC's data store, minimizing the number of interactive calls with platform element managers as well as keeping the catalog offerings up to date with changing realities of the environment • Multi Cloud Describes IAC's ability to effectively manage multiple types of cloud providers and cloud element managers under a single pane of glass • Hybrid Cloud A cloud comprising various cloud types (Private, Public, Community) offering multiple deployment models
  • 27. • Virtualized MultiService Data Center (VMDC) A Cisco reference and validated set of architectures that provides design and implementation guidance for Enterprises deploying private cloud services and Service Providers building virtual private and public cloud services • Virtual Services Architecture (VSA) Also a Cisco reference and validated set of architectures, based on the success of the VMDC solution, targeted for purely virtualized environments. The solution utilizes compute and pod building blocks consisting of shared resource pools of network, compute, and storage components. Each of these components is virtualized and used by multiple tenants securely, so that each cloud tenant appears to have its own set of physical resources. The VSA architecture is applicable to both greenfield and brownfield deployments due to its virtualized nature and inherent agility. The architecture is a robust, scalable and highly available platform.
  • 28. Architecture Overview
  • 29. LDAP/Active Directory Cisco Prime Services Catalog Cloud Content Self-Service Portal & ITSM Catalog Email Service Desk/CMDB Cisco Process Orchestrator Workflow Automation & Integration Framework Monitoring Policy-Based Compute Policy-Based Network OS/Bare Metal Provisioning Image/ Config Mgmt Cisco UCS Manager SSH / Prime Network Services Controller Cisco Server Provisioner Billing/ Chargeback Virtualization Mgmt Storage Mgmt Compute Mgmt Network Mgmt Virtualized Multi Service Data Center Architecture (VSA 1.0 or VMDC 2.3) Cloud Service Providers IAC 4.0 System
  • 30. • …Multiple Points Of Delivery (POD) (a POD is a container of physical resources to host Virtual Data Centers) • supports multiple PODs that can be geographically distributed • …supports the Enterprise and Tier 2/3 Service Providers • …complies with Service Provider requirements • Includes multi-tenancy • Tenancy isolation • Higher scale deployments • …supports Compute and Network PODs and Virtual Data Centers • multiple types of cloud platforms per installation • multiple instances of the same cloud platform per installation • many VDCs per Compute POD. VDCs do not span Compute PODs but can span Network PODs with similar infrastructure. • …end users are indirectly aware of underlying infrastructure • they do not directly select the infrastructure (e.g. UCS Manager, vCenter, etc.), but interact through logical constructs (sites, VDCs, etc.)
  • 31. • Cisco UCS Director 4.1 • Cisco Nexus 1000v • Cisco Cloud Services Router • Cisco ASA 1000v • Cisco Virtual Security Gateway • Cisco Prime Network Services Controller • Cisco Prime IPAM • Citrix Netscaler VPX • OpenStack • VMware vCloud Director • Amazon AWS
  • 32. • IAC Base ▪ Cisco Prime Service Catalog (Installation or Appliance) ▪ Cisco Process Orchestrator • Compute Virtualization ▪ VMware vCenter ▪ VMware vCloud Director ▪ OpenStack ▪ Cisco UCS Director • Networking Virtualization Services ▪ Cisco IAC Management Appliance ▪ Cisco Prime Network Services Controller • Bare Metal Provisioning ▪ Cisco Server Provisioner (Bare Metal and Virtual)
  • 33. Mode: Service Catalog • In this mode, the server runs as a Prime Service Catalog with full suite of IAC services. Mode: IAC Management Appliance • In this mode, the server runs as a Management Appliance with battery of utility services. Mode: Management Appliance • In this mode, the server runs as the Management Appliance running utility services. • Prime SC Mode: No Management Appliance functionality. Service Catalog functionality is enabled and started. SC functionality includes Oracle database, SC RequestCenter, and SC ServiceLink. Provides the IAC UI. • Management Appliance Mode: No Service Catalog functionality. Management Appliance services are started and enabled. The Management Appliance performs network discovery functions and populates IAC with the underlying VMDC network infrastructure. IAC registers the network components that are pertinent to its operations.
  • 34. • Network Discovery, Inventory and Topology • Accelerates initial product deployment by: 1. onboarding physical and virtual network appliances for use as cloud infrastructure 2. automatically discovering existing networks and IP address allocations, suitable for brownfield deployments • facilitates instantiation and orchestration of Prime NSC and other network services • increases product extensibility by supporting other Cisco and third-party devices • Image Repository • Includes virtual appliance installation files for on-demand instantiation of new instances of: • Cisco CSR 1000v • Cisco ASA 1000v • Cisco Prime NSC • Cisco VSG • Citrix Netscaler VPX and Value Added not OOB • Value-added: Cloud provider-specific services (appliances) may be added to the repository for parallel provisioning • IAC documentation includes instructions on how to refresh or install new OVAs in the Appliance's filesystem. • Platform for Future Services • Enterprise Messaging System (AMQP message broker) • Provides message bus for transmission of messages between Prime Service Catalog and Process Orchestrator
  • 35. IAC 4.0 requires the following products: • Cisco Prime Service Catalog • Cisco Process Orchestrator With the addition of a platform element resource manager, such as UCS Director, IAC is capable of providing, on demand, Infrastructure as a Service (IaaS) requests. Additional element managers extend IAC's feature set, enabling providers to offer a wide range of cloud services, i.e. the addition of the IAC Management Appliance facilitates network automation operations
  • 36. • One Cisco Prime Service Catalog one or more in the web tier and database tier; one in SL tier • One or more Cisco Process Orchestrators a platform element which is associated to all PODs (at a site) • Zero or more VMware vCenter Servers (not Linked Mode) • Zero or more Cisco Server Provisioners one may be associated to a POD or multiple PODs (not multiple within a POD) • Zero or more UCS Managers only one may be associated to a Compute POD • Zero or one Cisco Prime IPAMs • Zero or more Cisco UCS Directors one may service multiple Network PODs • Zero or more Cisco Virtual Security Gateways two VSGs per Nexus 1000v per Tenant Organization, if advanced firewall features are required. • Zero or more Cisco Nexus 1000vs networks must be pre-provisioned if no Nexus 1000v is registered • Zero or more Cisco Prime Network Service Controllers only one may be associated to a Service Resource Container • Zero or more Cloud Service Router 1000vs (CSR) one CSR per Nexus 1000v per Tenant Organization if advanced networking is required • Zero or more Cisco ASA 1000vs one vASA per Nexus 1000v per Tenant Organization if advanced perimeter firewall features are required • Zero or more Citrix NetScaler VPXs one VPX per Nexus 1000v per Tenant Organization if load balance services are required
  • 37. Product Features and Functionality
  • 38. • Compute Automation Physical and Virtual, Support for multiple hypervisor types • Network Automation Automation and lifecycle management of Cisco's validated design VSA 1.0 for virtualized network services • Infrastructure Synchronization – CloudSync Innovative consolidation of infrastructure inventory resource information • Pricing and Showback Granular service pricing (and showback) per customer • Virtual Data Center Lifecycle Management A virtual container for hosting virtualized resource with quota management, policy enforcement and RBAC
  • 39. Cisco VSA Certified Solution … ▪ Out of the box support for VSA 1.0 Advanced Multi-Tenancy “Out of the Box”… ▪ End to end tenant management Virtual & Physical Networking Tenancy Cloud Platforms Pricing Hybrid Cloud management … ▪ Multi cloud management across UCSD, vCenter, vCloud, AWS and OpenStack Tenant and Provider Business Admin Personas ▪ First class tenant and service pricing models ▪ Tenant Quotas
  • 40. Cisco VSA Certified Solution … ▪ Out of the box support for VSA 1.0 Advanced Multi-Tenancy “Out of the Box”… ▪ End to end tenant management Virtual & Physical Networking Tenancy Cloud Platforms Pricing Hybrid Cloud management … ▪ Multi cloud management across UCSD, vCenter, vCloud, AWS and OpenStack Tenant and Provider Business Admin Personas ▪ First class tenant and service pricing models ▪ Tenant Quotas
  • 41. • Tenant in the context of a cloud infrastructure and SaaS is simply another name for “customer.” • A cloud provider (Enterprise or Service Provider) will have multiple “customers,” i.e. multiple tenants, and their respective organizations (and users) could be part of a shared or a dedicated infrastructure. • In Cisco Intelligent Automation for Cloud 4.0, no tenant can determine the existence of any other tenant; tenants may only see members of their own tenancy (users and roles). • Tenants are authenticated and authorized to access their data; no tenant can access the data of any other tenant, including: Data in motion (network) Data at rest (storage) Data in memory (compute)
  • 42. ▪ Tenant → Organization → User hierarchy ▪ On-board/modify/off-board tenants ▪ Complete data isolation between tenants Datacenter Tenant (s) ▪ Tenant admin user roles Organization (s) ▪ Tenant-specific views, summaries ▪ Tenant-specific pricing policies ▪ Provider control (on/off) of service options per tenant VDC (s) Resource (s) ▪ Provider control (on/off) of global templates per tenant
  • 43. Cloud Provider (IAC Customer) • Cloud Provider Technical Administrator Cloud Provider Cloud Provider Cloud Provider Technical Business Administrator Administrator • Cloud Provider Business Administrator • Tenant Technical Administrator • Tenant Business Administrator • Organization Technical Administrator • Virtual & Physical Server Owner • Virtual Server Owner • Product Extenders Solution Team Form Extender Tenant A Tenant B Tenant Tenant Technical Business Administrator Administrator Legal Marketing Organization Technical Administrator OTA TTA Tenant TBA Accounting Sales OTA OTA User Organization Cloud EndUser Resources
  • 45. Cisco VSA Certified Solution … ▪ Out of the box support for VSA 1.0 Advanced Multi-Tenancy “Out of the Box”… ▪ End to end tenant management Virtual & Physical Networking Tenancy Cloud Platforms Pricing Hybrid Cloud management … ▪ Multi cloud management across UCSD, vCenter, vCloud, AWS and OpenStack Tenant and Provider Business Admin Personas ▪ First class tenant and service pricing models ▪ Tenant Quotas
  • 46. Intelligent Automation for Cloud IaaS Multi-Cloud Orchestration and Automation (Cisco Process Orchestrator) VMware vCenter, vCloud AWS Virtual and Bare Metal Deployment Converged Infrastructure Management (UCS Director) UCS FlexPod Vblock (Billing, Assurance, Resource Management) (Cisco Cloud Portal) 3rd Party Systems Management Service Catalog + Self-Service Portal OpenStack Multi-Cloud (Virtual) Network Services (Virtual Services Architecture → PNC → N1Kv CSR, VSG, vASA → InterCloud → vNAM)
  • 47. • IAC has the ability to automatically deploy and configure virtual network devices per customer's unique requirements • Built-in support for a variety of network container types with inherent support for multi-tier application deployments • Based on Cisco's Validated Design known as 'Virtual Services Architecture' or VSA • Devices are allocated at the Customer's organization level, allowing for autonomous management between a company's functional business units
  • 48. Network containers
    • Bronze: Public or Private Zone; Compute Firewall; Unlimited VLANs per Zone
    • Silver: Load Balancing; Compute Firewall; Public or Private Zone; Unlimited VLANs per Zone
    • Gold: Load Balancing; Perimeter Firewall; Compute Firewall; Public or Private Protected Zone; Unlimited VLANs per Zone
  • 49. Tenant networking
    • Overlay Networking for tenant segmentation and intra-DC L2 extension
    • Virtual services, with a single service instance per tenant organization
    • Virtual and physical also supported
    • Abstracted network control via Prime NSC
  • 50. [Diagram: Provider; Tenant; Organization A and Organization B, each with a Virtual Infrastructure; Bronze Virtual Data Center 1 (VDC 1, Dev); Silver Virtual Data Center 2 (VDC 2, Test); Silver Virtual Data Center 3 (VDC 3, Prod). NOTE: 6 distinctive zones per Org]
  • 51. Tenant isolation
    • Complete isolation between tenant environments
    • Dedicated virtualized resources per tenant's organization
  • 54. [Diagram: Multi-Cloud Portal (Service Catalog, Demand Management, Financial Management); Hybrid Cloud; Public Cloud Services; Traditional Data Center; Private Cloud] Cisco IAC 4.0: out-of-the-box Amazon, vCloud Director, OpenStack, UCS Director
  • 57. VMware vCenter Server, VMware vCloud Director, OpenStack, Cisco UCS Director, Amazon EC2
    • View Snapshots: X X X X
    • Take Snapshot: X X X X
    • Revert to Snapshot: X X X X
    • Delete Snapshot: X X X X
    • Power Up VM: X X X X X
    • Power Down VM: X X X X X
    • Power Cycle VM: X X X X X
    • Convert VM to Template: X X
    • Clone VM to Template: X X
    • Modify Server Ownership: X X X X X
  • 59. IAC 4.0 provides…
    • Pricing: a method to set pricing on common objects
    • Showback: a mechanism to allow users to see the calculated cost of their potential orders during the ordering process
    • Run Rates: a mechanism for users to see the recurring cost of the items that they own, and a mechanism for administrators to see the recurring cost of the items that their tenants own
    • Billing Integration: real-time billing events that can be consumed by a billing system within an extension point
    IAC 4.0 does not provide…
    • Billing: invoicing and payment transacting
    • Metering: financial management based on measured utilization
  • 60. IAC 4.0
    • Pricing (IAC 4.0)
      • How do I set prices on cloud services?
      • How do I give one tenant a discount over another tenant?
    • Showback (IAC 4.0)
      • How much have I, my organization or all my organizations spent?
      • How much am I about to spend both as a one-time and recurring cost (run rate)?
      • How much is what I have purchased costing me?
    • Revenue (IAC 4.0)
      • How much are my tenants spending in my cloud?
      • Which cloud services are reaping the most revenue (by tenant)?
    • Billing Integration (IAC 4.0)
      • How do I send costs incurred to my incumbent billing system?
    • Metering
      • How am I utilizing my resources?
      • Do I need more or less resources?
    • Billing
      • What is my bill?
      • Where and how do I send my payment?
  • 61. Billing Rate Tables
    • Billing Rate for an operation that incurs a one-time charge
    • A Billing Rate Table with multiple cost drivers
    • Each Table represents one Billable operation (unless the rates apply to more than one operation)
  • 62. Showing prices on the request form
    • Turn on Compute Price if you want to show prices from the Billing Rate Table on the request form
    • This illustrates the out-of-box experience
    • A Service Designer can use JavaScript to customize the pricing display on the request form
  • 64. Delivers Complete Clouds and Beyond [architecture diagram; labels: Cloud Governance: Pricing → Quotas → Demand Management → Supplier Management; Service Catalog + Self-Service Portal; Orchestration and Automation; Virtual and Bare Metal Deployment: VMware vCenter, vCloud, AWS, Rackspace, OpenStack; Converged Infrastructure Management (UCS Director): UCS, FlexPod, Vblock, VSPEX, VMAX; Resource Management; Service Assurance; 3rd Party Assurance – Billing - CRM; IaaS - NaaS - NfV - PaaS - UCaaS - Collab - DaaS - Syndicated..; Multi-Cloud Inter-Cloud; Multi-Cloud (Virtual) Network Services (Virtual Services Architecture → PNSC → N1Kv, CSR, VSG, vASA, VPX → InterCloud → vNAM)] © 2013 Cisco and/or its affiliates. All rights reserved.
  • 65. To learn more about our other Cisco Intelligent Automation for Cloud solutions, please visit www.cisco.com/go/iacloud
    • Southern California Edison deploys Cisco IAC and Cloupia with FlexPod: Cisco IAC's flexibility has allowed SCE to tailor their cloud service deployment without replacing their legacy software. May 21, 2013
    • Windstream Accelerates Time to Revenue with Cisco Cloud Management and Vblock: A combined $15 million in products and services, including nearly $7m to date from the sale of Vblock Systems and Cisco UCS at Windstream. April 09, 2013
    • Swisscom Case study: Telco Delivers Fast, Flexible, Secure Services in the Cloud
    • Email questions to me at: bill.petro@cisco.com
  • 66. Thank you.
  • 68. Synchronize data between service catalog and provider's cloud infrastructure
    • Classes of Data: Tenant and Organizations; Virtual Data Center; resource assignments; Compute; Network; Storage; Templates; Metrics; resource usage and availability
    • Cloud Platforms: Cisco UCS; Cisco Server Provisioner; VMware vCenter; VMware vCloud Director; Amazon EC2; OpenStack; UCS Director
    • Frequency: On-demand; Scheduled; Event-based; Targeted Discovery; Intelligent (non-greedy); Granular scheduling
  • 69. Uses of synchronized data
    • Register Platform Elements and selectively make them available for ordering (resources, networks, images)
    • Populate selection lists for better user experience during administration
    • Populate selection lists for user orders, applying RBAC
    • Render dashboards for resource usage and availability at provider and tenant level
    • Audit and repair usage recorded in service items (e.g., reconcile changes made outside of service offerings)
    • Import items provisioned outside of service offerings, such as pre-existing virtual machines
  • 70. [State diagram: Discovery process. States: Discovered, Registered, Maintenance, Ignored, Not Found. Legend: Automated Transition, Manual Transition, Extension Point]
  • 71. State Name | State Description | Permitted Transitions To | Permitted Transitions From
    • Discovered | Discovered, but not administratively processed | Registered, Ignored, Not Found | Not Found (only by being rediscovered)
    • Registered | Administratively processed, online for use | Maintenance, Not Found | Discovered, Ignored, Maintenance
    • Ignored | Administratively processed, explicitly excluded from use by solution | Registered, Not Found | Discovered, Registered, Maintenance
    • Maintenance | Administratively offline/unavailable | Registered, Ignored, Not Found | Registered
    • Not Found | Previously known, but missing from the most recent discovery | Discovered (only by being rediscovered) | Discovered, Registered, Ignored, Maintenance
  • 72. Platform Type / Property | VMware vCenter Server | VMware vCloud Director | OpenStack | Amazon AWS (EC2) | UCS Director | Prime NSC
    • Compute POD | Data Center | Organization | OpenStack PE ID | Account | Account | N/A
    • Tenant | Folder | Organization | N/A | Account | N/A | Tenant
    • Organization | Folder | N/A | N/A | N/A | Organization | N/A
    • VDC | Resource Pool | Organization VDC | Project | Account | VDC | N/A
    • VLAN Instance | vCenter Network | Org Network / Network Pool | Network ID | Network ID | Network Policy | N/A
    • VM Template | Full Path | VM Template HREF | Image ID | AMI ID | Catalog | N/A
    • Flavor (new) | Server Size Values | Server Size Values | Flavor ID | Instance Name | Compute Policy | N/A
    • Service User | vCenter User | user@system | Keystone User | Access Key | UCSD User | NSC User
    • Service Password | vCenter Password | vCloud password | Keystone Password | Secret Key | UCSD Password | NSC Password
  • 74. [Sequence diagram. Participants: User, Portal, Orchestrator, Management Appliance (Discovery Service, Inventory Service, Topology Service), Network POD. Messages: Seed Device & Credentials; Session Information; Requisition Complete; Async REST Call; Write Session Config; Start Discovery; Collect Device Inventory; Record Device Inventory; Record Device & Credential; Collect Topology; Update Interconnections; Register Device; Record Device Topology]
  • 75. IAC discovers devices using ping sweep, Layer 2 neighbor discovery (CDP and LLDP), or a combination of the two.
    • Ping Sweep
      1. Requires a network range in the form of a network and a network mask.
      2. Requires a pool of credentials to choose from.
      3. Pings each IP address in the range for an ICMP response.
      4. For each responding device, attempts to fingerprint the device with credentials from the pool.
    • Neighbor Discovery
      1. Requires a seed device that can be either an IP address provided by the user, or an already discovered device.
      2. Requires a pool of credentials to choose from.
      3. For each seed device, queries its CDP and LLDP neighbors.
      4. Attempts to communicate with each device in the neighbors list, trying credentials from the pool.
      5. Makes every successfully discovered device a seed device, thus crawling from device to device.
      6. Stops when a neighbor IP address is unreachable or no valid credentials can be found for it.
    • Discovery of networks that have overlapping ranges of IP addresses is not supported.
  • 76. Discovery credentials
    • As SNMP v2c or v3 is used for discovery, valid SNMP credentials are required for a device to be discovered and its inventory queried.
    • During discovery, SSH is used for initial credential verification and automatic topology discovery.
    • During device registration, users are prompted for the SSH password again for security reasons. A username is suggested based on the last discovered credentials and can be overridden.
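The neighbor-discovery crawl from slide 75, modeled over an in-memory topology to show where the crawl stops and which devices each pool credential is offered to. This is an added example, not Cisco IAC code: the topology, the addresses, the credential names and the treatment of the seed as an ordinary device are assumptions, and nothing is sent on a network.

```python
"""Model of the neighbor-discovery crawl described on slide 75.

Added example: the topology, the addresses (RFC 5737 documentation range) and
the credential names are constructed, and nothing is sent on a network.
"""
from collections import deque

# Constructed topology, keyed by management IP.
#   neighbors: what the device would report through CDP/LLDP
#   accepts:   the one credential name the device accepts
#   reachable: whether the management IP answers at all
TOPOLOGY = {
    "192.0.2.1": {"neighbors": ["192.0.2.2", "192.0.2.3"],
                  "accepts": "cred-core", "reachable": True},
    "192.0.2.2": {"neighbors": ["192.0.2.1", "192.0.2.4"],
                  "accepts": "cred-access", "reachable": True},
    "192.0.2.3": {"neighbors": ["192.0.2.1", "192.0.2.5"],
                  "accepts": "cred-legacy", "reachable": True},
    "192.0.2.4": {"neighbors": ["192.0.2.2", "192.0.2.6"],
                  "accepts": "cred-access", "reachable": False},
    "192.0.2.5": {"neighbors": ["192.0.2.3"],
                  "accepts": "cred-core", "reachable": True},
    "192.0.2.6": {"neighbors": ["192.0.2.4"],
                  "accepts": "cred-core", "reachable": True},
}


def crawl(topology, seed, credential_pool):
    """Breadth-first crawl from a seed device, following slide 75's steps."""
    discovered = {}            # ip -> credential that worked
    unreachable = []           # crawl stops here: no response (step 6)
    no_valid_credentials = []  # crawl stops here: pool exhausted (step 6)
    presented_to = {cred: [] for cred in credential_pool}
    seen = {seed}
    queue = deque([seed])

    while queue:
        ip = queue.popleft()
        device = topology.get(ip)
        if device is None or not device["reachable"]:
            unreachable.append(ip)
            continue

        working = None
        for cred in credential_pool:          # step 4: try the pool in order
            presented_to[cred].append(ip)
            if device["accepts"] == cred:
                working = cred
                break
        if working is None:
            no_valid_credentials.append(ip)
            continue

        # Step 5: a discovered device becomes a seed; its neighbors are queued.
        discovered[ip] = working
        for neighbor in device["neighbors"]:  # step 3: CDP/LLDP neighbor list
            if neighbor not in seen:
                seen.add(neighbor)
                queue.append(neighbor)

    return {
        "discovered": discovered,
        "unreachable": unreachable,
        "no_valid_credentials": no_valid_credentials,
        # Devices that exist but sit behind a stop point and were never tried.
        "never_visited": sorted(set(topology) - seen),
        # Every device each pool credential was offered to, accepted or not.
        "presented_to": presented_to,
    }


if __name__ == "__main__":
    report = crawl(TOPOLOGY, "192.0.2.1", ["cred-core", "cred-access"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

`never_visited` is the inventory gap to reconcile against another source, since devices behind an unreachable or unauthenticated neighbor are silently absent. `presented_to` records every device a pool credential was offered to, including devices that rejected it.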
  • 78. Portal
    • Fully Configurable
    • Offers different views based on a user's role membership
    • Provides support for portlets that adhere to the JSR168 and JSR286 specifications
    • Ability to highlight commonly used services
    • Display announcements using video or other types of media
  • 80. Integrations
    • Lightweight Directory Access Protocol: Enable Single Sign On access to your environment
    • Mail Exchange: Notify users of their request's progress
    • Service Desk / Help Desk: Register resources with your assurance systems; integrate with existing processes, including encoded ITIL best practices
    • Inventory: Keep track of your company's assets
    • Monitoring: Validate your Service Level Agreements
    • Configuration Management systems: Track and audit changes in your environment
    • Billing and Chargeback: Obtain adequate and timely information for invoicing your customers
    • Other Cloud Service Providers (e.g. Amazon): Leverage the possibilities / accommodate burst loads
  • 81. Role Based Access Control (RBAC)
  • 82. Roles
    • IAC provides granular access to information based on a user's role within the solution
    • Roles are based on typical personas (e.g. administrators, developers, end users) granted specific responsibilities, permissions and capabilities
  • 83. Profiling IAC users
    • Cloud Provider Technical Admin (CPTA)
    • Tenant Technical Admin (TTA)
    • Tenant Business Administrator (TBA)
    • Organization Technical Admin (OTA)
    • Organization Business Admin (OBA)
    • Virtual and Physical Server Owners (VPSO & VSO)
    • Service Designer
    • Workflow Specialist
  • 85. Deployment Topologies
  • 86. [Deployment diagram. Tiers: Web Tier, Application Tier, Database Tier. Components: Web Server (IIS 7.0 | Apache 2.2); Prime Service Catalog; Process Orchestrator; RDBM Server (MSSQL / Oracle). Boundaries: Internet; Perimeter Firewall; App Zone Firewall; DB Zone Firewall]
  • 87. [Deployment diagram. Tiers: Web Tier, Application Tier, Database Tier. Components: Web Server (IIS 7.0 | Apache 2.2); Prime Service Catalog; Process Orchestrator; RDBM Server (MSSQL / Oracle). Network Components: IAC Management Appliance; Cisco Prime Network Services Controller. Boundaries: Internet; Perimeter Firewall; App Zone Firewall; DB Zone Firewall]
  • 88. Installation process overview / step wizard
  • 89. Component | Role | Version (groups: Core Orchestration Components; Tenant Virtual Services Components)
    • Prime Service Catalog (PSC) | Administrative Portal, End User Portal, Service Catalog | 10.0
    • Process Orchestrator (PO) | Automation Engine | 3.0
    • IAC Management Appliance | Network Platform Discovery | 4.0
    • Prime Network Services Controller (CPNS) | Network Domain Manager | 3.2
    • Adaptive Security Appliance (ASA) | Perimeter Firewall |
    • Cloud Services Router (CSR) | Routing, NAT | XE 3.1.1
    • Virtual Security Gateway (VSG) | Compute Firewall | 2.1.1
    • Citrix NetScaler VPX | Server Load Balancing | 10.0
  • 90. Component | Role | Version
    • LDAP Server | Identity Management | Microsoft Active Directory®; Sun Java™ Directory Server; IBM Tivoli® Directory Server
    • Microsoft .NET framework | IAC pre-requisite | 4.5 (required for PO instance)
    • Web Server | IAC pre-requisite | IIS 7.5 for PO Web console; IIS, Apache or IBM HTTP Server for PSC Web Tier
    • Java | IAC pre-requisite | 1.6u45 and above for PSC; 1.7 and above for PO
    • Network Time Protocol | Time Synchronization | N/A
    • Nexus 1000v | Virtual Network | 4.2(1)SV2(2.2)
    • VMware vSphere | Virtual Compute Resource Management | vSphere 5.1
    • Database | IAC Database | Microsoft SQL Server® 2008 R2 with SP2; Oracle® Database Server 11g Ver. 11.2.0.3
  • 91. Prerequisites
    • Active Directory (AD is required to deploy Cisco Process Orchestrator)
    • Network Time Protocol (required to sync time between all IAC systems)
    • Nexus 1000 VSM (required for instantiating Virtualized Network resources)
    • Prime Network Service Controller (required for provisioning the Virtualized Network resources)
    • VMware vCenter Data Center (required for instantiating IaaS offerings)
    Network Type | Role
    • Infrastructure | Underlying infrastructure network. Will usually host the majority of infrastructure devices (ESXi host, UCS, vSphere, etc.)
    • Management | Network for the Management IP address of the VSA instances, CSR, CSG and Citrix NetScaler VPX instantiated by IAC. Network must be routable to IAC instances
    • Service | Network containing the data interfaces of all VSGs instantiated by IAC. Must be routable to the VSM management IP address (N1K)
    • User | User networks are used for deploying virtual machines or physical servers.
  • 92. Role | Product | SW Version | Notes
    • Portal, Catalog | Service Catalog (CP) | 10.0
    • Orchestration | Process Orchestrator (PO) | 3.0
    • PXE OS Installation (physical and virtual) | Server Provisioner (SP) | 6.5
    • Network Discovery | IAC Management Appliance | 4.0
    • IAC Packaging | IAC | 4.0
    • Virtual CE | CSR | XE3.11
    • Network Domain Manager | PNSC | 3.2
    • Server Load Balancer Appliance | SDX | 10.1
    • Compute Firewall | VSG | 4.2(1)VSG2(1.1)
  • 93. Installation steps 1 and 2
    • Step 1: Prepare or verify the compute infrastructure:
      a. Install ESXi hypervisor on servers
      b. Install VMware vCenter
      c. Deploy the following systems (OS instances):
         – Active Directory
         – MS SQL
         – with vSphere PowerShell CLI for Process Orchestrator
    • Step 2: Configure prerequisite software:
      a. Active Directory on Windows VM
      b. Microsoft SQL Server on Windows VM
      c. NTP available
      d. Nexus 1000V
  • 94. Installation steps 3 and 4
    • Step 3: Install Core IAC Orchestration Components (Day 0):
      a. Services Catalog on a supported OS or from an IAC Virtual Appliance (OVA)
      b. Process Orchestrator on a Windows VM
      c. IAC Management Appliance (OVA)
      d. PNSC Virtual Appliance (OVA)
    • Step 4: Setting up IAC (Day 1).
      • Import Process Orchestrator Tidal Automation Packs
      • Option A – IAC Virtual Appliance
        • No configuration required when deploying the IAC Service Catalog Appliance (pre-packaged)
      • Option B – Service Catalog clean install on supported OS
        • Deploy Service Catalog IAC Package and Request Center WAR files
        • Deploy Service Catalog Portlets
        • Import Service Catalog content (extracted from PO Automation packs)
  • 96. As 'admin' perform the following steps:
      1. Set the Custom Styles Directory.
      2. Create NSAPI and rexuser accounts.
      3. Configure service that sets Rex Agent properties correctly in all Rex dependent agents.
      4. Start the service so that all Rex dependent agents get the correct setting.
      5. Start all Rex dependent agents.
      6. Create a cloud administration Organization for housing tenants, and create a cloud technical administrator (CPTA).
      7. Make the NSAPI user a cloud technical administrator.
      8. Start all agents. (Make sure to scroll to the bottom of the iframe containing the agent list, so as to view all agents.)
      9. Add the Process Orchestrator as a Platform Element.
      10. Configure licensing.
  • 97. As 'CPTA' perform the following steps:
      1. Add additional platform elements in the following order.
         a) IAC Management Appliance: Use the username and password of "admin/admin"
         b) VMware vSphere: Go to manage infrastructure and discover vSphere manually.
      2. Use Firefox to open the "manage infrastructure" portlet (it does not work in IE).
      3. Expand the "VMware Server" accordion.
      4. Click "Datacenters."
      5. Click "Discover VMware vCenter Cloud Resources." This process may take a long time depending on your vCenter infrastructure.
    • Prime Services Network Controller
    • Set the System Provisioning Settings: among other parameters, set the versions of VSG, ASA, CSR, and Citrix NetScaler VPX to what is installed on the IAC Management Appliance
  • 100. IAC allows for the system-wide definition of service options
    • Default VMware vCenter Clone Timeout (Minutes)
    • CloudSync Discovery Interval (Hours)
    • CloudSync Discovery Timeout (Minutes)
    • Collect Metrics Interval (Hours)
    • System Health Check
    • Cloud Default Time Zone Linux
    • Cloud Default Time Zone Windows
    • Advanced Network Services
    • And more …
  • 101. Provisioning settings
    • Cisco Adaptive Security Appliance Image (ASA)
    • Cisco Cloud Services Router Image (CSR)
    • Cisco Prime Network Services Controller Image (NSC)
    • Cisco Virtual Security Gateway Image (VSG)
    • NetScaler VPX Load Balancer Image (VPX)
    • IP Address Source
    • Deployed system's passwords
  • 103. Lease Term Standard: designates the amount of time a resource will be available to the customer / consumer
  • 104. VDC Size Standard: provides sizing characteristics for Virtual Data Centers
  • 106. Extensibility
  • 107. Extension Points
    • 'Extension Points' are built-in placeholders that enable customers to insert their own logic into the execution sequence of IAC's predefined use cases.
    • This allows customers to exploit limitless integration options with their existing management and business ecosystems, and also to fine-tune configuration options that are unique to their infrastructure or their product offerings.
    • Future IAC product releases will preserve customer-defined extensions, maintaining product upgradeability.
    • The majority of the IAC services and workflows contain clearly defined 'Pre' and 'Post' placeholders for customers to place their particular configurations.
  • 108. IAC is also backed up by Cisco's Solution Accelerator Community, an initiative that enables customers to leverage innovative and pioneering supplements to their existing Cloud offerings. http://cs.co/cloudcommunity
  • 109. Conclusion
  • 110. Summary
    • Competitive enterprise cloud: Lower costs via OpenStack virtualization; Hybrid cloud with multiple cloud platforms
    • Essential IaaS: Well-rounded deployment and management of servers and disks; Pricing, showback and billing integration
    • Large, critical clouds: Multi-platform instance deployment; Basic quota and capacity policies
    • Competitive service provider cloud: Management of multiple, isolated tenants; Rich tenant cloud functionality; Lower costs via OpenStack virtualization
    • Deployment of real applications: Advanced multi-tier VDCs; Deploying virtual and physical infrastructure; Bulk order of VMs; Management of multiple virtual and physical disks
    • Cisco advantage: Network value of cloud; Network discovery and provisioning; UCS Director integration; Prime integration & synergy
    • Continuous Improvement: Easier installation; UI/UX enhancements
  • 111. Market segments
    • Enterprise
      • Accelerate and expand private cloud adoption
      • Use local and public clouds via multi-cloud brokerage
      • Manage BUs and subsidiaries as separate tenants
      • Leverage UCS and converged architectures in the cloud
    • SP
      • Build public clouds
      • Compete against commodity cloud SPs with enhanced networking and application services
      • Successfully compete against T1 providers
      • Lower cost of operating via OpenStack support
      • Leverage UCS and converged architectures in the cloud
      • Host enterprise clients, modeling their structure
    • Commercial
      • Run a low cost cloud with OpenStack
      • No-hassle upgrade to full product
  • 112. Capabilities
    • Advanced High Availability Capabilities: Business Critical → Mission Critical (99.995%) support
    • Advanced Multi-Tenancy "Out of the Box": end-to-end tenant management
    • VMDC Certified Solution: out-of-the-box support for VMDC 4.0 and 2.3
    • "Better Together" IaaS with UCS Director: UCSD adapter + out-of-the-box storage automation
    • Hybrid Cloud management: multi-cloud management across UCSD, vCenter, vCloud, AWS and OpenStack
    • PaaS: solution accelerator enabling "Stack" blueprints with embedded Chef/Puppet support
    • ITaaS Business Portal and Service Catalog: next-generation user interface, extensible across all IT services
    • Solution Accelerator Community and Roadmap: example: Cloud Service Broker integration (Parallels)
  • 113. CIAC in summary
    • An end-to-end, turnkey, single-pane-of-glass solution for organizations that are looking into delivering disciplined and structured self-service, automated cloud environments.
    • A powerful platform that can scale from single cloud to multi-cloud into hybrid-cloud deployments, while supporting richer application sets ordered by end users on demand.
    • A framework that can accommodate customers' complex technical and business requirements, offering end users a single interface for requesting a comprehensive array of services (ITaaS).
    • CIAC simplifies the intelligent placement of compute workloads based on an advanced automation engine that facilitates the entire process, eradicating any human interaction in the decision-making cycle.
  • 114. Supplementary slides
  • 115. [Architecture diagram; labels: IAC: Prime Service Catalog, Cisco Process Orchestrator; Virtual, Physical; PNSC 3.2; UCSM; Network Devices and Services; Physical and Virtual Storage; Domain Orchestrator; CSP; vSphere; Compute, Storage, Network; Element Management / Service Assurance]
  • 116. Container | Devices | Services/Features | Logical Topology (diagram)
    • Gold
      • Devices: L2 Transport – Nexus 7000, 5000; L3 Routing Point – CSR1000v; Zone-Based Firewall – CSR1000v; Compute Firewall – VSG; Load Balancing – NetScaler VPX; Virtual Access – Nexus 1000v; FI – UCS 6200
      • Services/Features: Load Balancing; Perimeter Firewall; Compute Firewall; Public or Private Protected Zone; Unlimited VLANs per Zone
    • Silver
      • Devices: L2 Transport – Nexus 7000, 5000; L3 Routing Point – CSR1000v; Compute Firewall – VSG; Load Balancing – NetScaler VPX 1000v; Virtual Access – Nexus 1000v; FI – UCS 6200
      • Services/Features: Load Balancing; Compute Firewall; Public or Private Zone; Unlimited VLANs per Zone
    • Bronze
      • Devices: L2 Transport – Nexus 7000, 5000; L3 Routing Point – CSR1000v; Compute Firewall – VSG; Virtual Access – Nexus 1000v; FI – UCS 6200
      • Services/Features: Public or Private Zone; Compute Firewall; Unlimited VLANs per Zone
  • 117. 4-Zone Container | List of Devices included | Services/Features offered | Logical Topology (diagram)
    • VMDC 2.3
      • Devices: Aggregation – Nexus 7004; Access – Nexus 5000; Virtual Access – Nexus 1000v; Compute FW - VSG; FW – ASA 5585; VPN – ASA 5555; LB – ACE 4710; FI – UCS 6200
      • Services/Features: Tenant Specific Public Zone; Private Zone (L3VPN); Public Protected Zone; Private Protected Zone (L3VPN); LB in each zone; Perimeter Firewall; Compute Firewall in each zone; Remote Access VPN
    • VMDC 4.0
      • Devices: L2 Transport – Nexus 7000, Nexus 5000; L3 Routing Point – CSR 1000v; VPN Termination – CSR 1000v; Zone-Based Firewall – CSR 1000v; Compute Firewall – VSG; Load Balancing – NetScaler VPX 1000v; Virtual Access - Nexus 1000v; FI – UCS 6200
      • Services/Features: Tenant Specific Public Zone; Private Zone (L3VPN); Public Protected Zone; Private Protected Zone (L3VPN); LB in each zone; Perimeter Firewall; Compute Firewall in each zone; Remote Access VPN
  • 118. [Diagram: Services Resource Containers A, B and C, each with a Compute POD (Resource Pool, Cluster, Datastore), a Management Network, a Service Network and an Internet-Connected Network, and the virtual services VSG, ASA 1000v, CSR 1000v and NetScaler VPX; Nexus 1000v; Prime NSC; ASA or FWSM, NetScaler MPX, F5; Network PODs built from Nexus 5000 and Nexus 7000, with ASR 9/1000 marked Future. Legend: Registered, Created, Optional; 1 to 1 mapping, Many to 1 mapping, Many to Many mapping; Instance of Orchestration]
  • 119. [Diagram labels: Internet, Enterprise]
    • IAC 4.0 includes a base set of 16 VDC zone-based topologies
    • Additional permutations are possible based on the number of networks per zone
  • 120. NAT Services include: Floating IP Addresses [Diagram labels: Transit Network; L3 VPN; Internet; Outbound NAT; ASA1000v; VPN; CSR 1000v; Citrix NetScaler; Virtual IP Addresses; VSG; Nexus 1kv; Public Zone; Protected FE Zone; Front-end Zones; Back-end Zones; Zone 1, Zone 2, Zone 3; SubZone W, SubZone X, SubZone Y, SubZone Z]
  • 121. Screenshots
  • 124. Service catalog features
    • Standardized Catalog of IT Services across solution domains
    • Web-Based End-User Self-Service Portal
    • Configurable Portal Pages and Portlets
    • Role-Based Access Control (RBAC)
    • Policy Governance and Approvals
    • Reusable Templates for Service Request Workflows
    • Lifecycle Management for Service Requests
    • Finance & Demand Management