Your SlideShare is downloading. ×
Cisco Dec 6 Toronto VMUG
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Cisco Dec 6 Toronto VMUG

2,338
views

Published on

Published in: Technology

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,338
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Virtualization Aware Networking and Security Eugene Minchenko, @CiscoDC @CiscoCanada CSE Data Center Solutions www.cisco.com/go/ucs December 6th, 2011© 2010 Cisco and/or its affiliates. All rights reserved. 1
  • 2. • Vision• Virtual Switching Nexus 1000V Nexus 1010• Virtual Services and Security Virtual Security Gateway (VSG)• What’s New? VSG DCNM Virtual ASA VSM NAM VXLAN and vCD Integration• Resources© 2010 Cisco and/or its affiliates. All rights reserved. 2
  • 3. PHYSICAL VIRTUAL CLOUD WORKLOAD WORKLOAD WORKLOAD • One app per Server • Many apps per Server • Multi-tenant per Server • Static • Mobile • Elastic • Manual provisioning • Dynamic provisioning • Automated Scaling HYPERVISOR VDC-1 VDC-2 APPLICATION CONSISTENCY: PERFORMANCE, SCALE, AND SECURITY OPERATIONAL CONSISTENCY: MANAGEMENT AND POLICY© 2010 Cisco and/or its affiliates. All rights reserved. 3
  • 4. PHYSICAL VIRTUAL CLOUD WORKLOAD WORKLOAD WORKLOAD • One app per Server • Many apps per Server • Multi-tenant per Server • Static • Mobile • Elastic • Manual provisioning • Dynamic provisioning • Automated Scaling HYPERVISOR VDC-1 VDC-2 Nexus 7K/5K/3K/2K Nexus 1000V, VM-FEX WAAS, ASA, NAM, ACE VSG, Virtual WAAS, Virtual ASA UCS for Bare Metal UCS for Virtualized Workloads© 2010 Cisco and/or its affiliates. All rights reserved. 4
  • 5. 1. vMotion moves VMs across physical ports—the network policy must follow vMotion 2. Must view or apply network/security policy to locally switched traffic Port Group 3. Need to maintain segregation of duties while ensuring non-disruptive operations Security Admin Server Admin Network Admin© 2010 Cisco and/or its affiliates. All rights reserved. 5
  • 6. Accelerate Data Center Virtualization APP APP APP APP APP APP APP APP APP APP APP APP APP APP APP APP APP APP APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS OS Virtualized Agile Policy-Driven Multitenant Virtual Machine (VM) Networking Virtual Network Services Extend networking to virtualized Extend network services to virtualized environments: environments • Hypervisor Switch (SW): Nexus 1000V – • Virtual Security Gateway (for Nexus 1000V) IEEE 802.1Q standard based, feature rich • Virtual WAAS • External switch (HW): UCS6100/N5K* + • NAM virtual service blade on Nexus 1010 VM-FEX (IEEE 802.1Qbh pre-standard) • Virtual ASA© 2010 Cisco and/or its affiliates. All rights reserved. 6 *N5K support for VM-FEX in 4Q CY11
  • 7. Nexus 1000V Overview© 2010 Cisco and/or its affiliates. All rights reserved. 7
  • 8. Comparison to a Physical Switch Network Admin Modular Switch Supervisor-1 Supervisor-2 Back Plane Linecard-1 Linecard-2 … Linecard-N ServerServer 1 Server 2 Server 3 Admin© 2010 Cisco and/or its affiliates. All rights reserved. 8
  • 9. Moving to a Virtual Environment Network Admin Modular Switch Supervisor-1 Supervisor-2 Back Plane Linecard-1 Linecard-2 … Linecard-N ESX ESX ESX Server Admin© 2010 Cisco and/or its affiliates. All rights reserved. 9
  • 10. Supervisors Virtual Supervisor Modules (VSMs) Virtual Appliance VSM1 Network Admin VSM2 Modular Switch Supervisor-1 Supervisor-2 Back Plane Linecard-1 Linecard-2 … Linecard-N Hypervisor Hypervisor HypervisorVSM: Virtual Supervisor Module Server Admin © 2010 Cisco and/or its affiliates. All rights reserved. 10
  • 11. Linecards Virtual Ethernet Modules (VEMs) Virtual Appliance VSM1 Network Admin VSM2 Modular Switch Supervisor-1 Supervisor-2 Back Plane Linecard-1 Linecard-2 … Linecard-N VEM-1 VEM-2 VEM-N Hypervisor Hypervisor HypervisorVSM: Virtual Supervisor Module ServerVEM: Virtual Ethernet Module Admin © 2010 Cisco and/or its affiliates. All rights reserved. 11
  • 12. VSM + VEMs = Nexus 1000 Virtual Chassis Virtual Appliance VSM1• 200+ vEth ports per VEM VSM2• 2K vEths per N1K• 64 VEMs per N1K (connected by L2 or L3) L2 Mode L3 Mode• Multiple N1Ks can be created (under single hypervisor management center) VEM-1 VEM-2 VEM-N Hypervisor Hypervisor HypervisorVSM: Virtual Supervisor ModuleVEM: Virtual Ethernet Module © 2010 Cisco and/or its affiliates. All rights reserved. 12
  • 13. vPath – Virtual Service Datapath Virtual Appliance vWAAS VSG VSM vPath • Virtual Service Datapath L2 Mode L3 Mode VSG • Virtual Security Gateway for N1K vWAAS • Virtual WAAS vPath VEM-1 VEM-2 vPath vPath • Service Binding (Traffic Steering) Hypervisor Hypervisor • Fast-Path Offload © 2010 Cisco and/or its affiliates. All rights reserved. 13
  • 14. Faster VM Deployment Cisco Virtual Machine Networking Policy-Based Mobility of Network and Non-Disruptive VM Connectivity Security Properties Operational Model Port Profile VM VM VM VM VM VM VM VM Defined Policies WEB Apps Nexus Nexus HR 1000V 1000V VEM VEM DB DMZ VM Connection Policy • Defined in the network • Applied in Virtual Center • Linked to VM UUID vCenter Nexus 1000V VSM© 2010 Cisco and/or its affiliates. All rights reserved. 14
  • 15. n1000v# show port-profile name WebProfile Support Commands port-profile WebServers Include: description: status: enabled  Port management capability uplink: no system vlans:  VLAN port-group: WebServers config attributes:  PVLAN switchport mode access switchport access vlan 110  Port-Channel no shutdown  ACL evaluated config attributes: switchport mode access  Netflow switchport access vlan 110 no shutdown  Port security assigned interfaces: Veth10  QoS© 2010 Cisco and/or its affiliates. All rights reserved. 15
  • 16. © 2010 Cisco and/or its affiliates. All rights reserved. 16
  • 17. Richer Network Services Cisco Virtual Machine Networking Policy-Based Mobility of Network and Non-Disruptive VM Connectivity Security Properties Operational Model VM VM VM VM VM VM VM VM VM VM VM VM VMs Need to Move • VMotion Nexus Nexus 1000V 1000V • DRS VEM VEM • SW upgrade/patch • Hardware failure VN-Link Property Mobility • VMotion for the network • Ensures VM security • Maintains connection state vCenter Nexus 1000V VSM© 2010 Cisco and/or its affiliates. All rights reserved. 17
  • 18. Increased Operational Efficiency Cisco Virtual Machine Networking Policy-Based Mobility of Network and Non-Disruptive VM Connectivity Security Properties Operational Model VM VM VM VM VM VM VM VM VI Admin Benefits • Maintains existing VM mgmt • Reduces deployment time Nexus Nexus • Improves scalability 1000V 1000V • Reduces operational workload VEM VEM • Enables VM-level visibility Network Admin Benefits • Unifies network management and operations • Improves operational security • Enhances VM network features • Ensures policy persistence • Enables VM-level visibility vCenter Nexus 1000V VSM© 2010 Cisco and/or its affiliates. All rights reserved. 18
  • 19.  L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX) Switching  IGMP Snooping, QoS Marking (COS & DSCP), Class-based WFQ  Policy Mobility, Private VLANs w/ local PVLAN Enforcement Security  Access Control Lists (L2–4 w/ Redirect), Port Security  Dynamic ARP inspection, IP Source Guard, DHCP Snooping  Virtual Services Datapath (vPath) support for traffic steering & fast-pathNetwork Services off-load [leveraged by Virtual Security Gateway (VSG) and vWAAS]  Automated vSwitch Config, Port Profiles, Virtual Center Integration Provisioning  Optimized NIC Teaming with Virtual Port Channel – Host Mode  VMotion Tracking, NetFlow v.9 w/ NDE, CDP v.2 Visibility  VM-Level Interface Statistics  SPAN & ERSPAN (policy-based)  Virtual Center VM Provisioning, Cisco Network Provisioning, CiscoWorks Management  Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3)  Hitless upgrade, SW Installer © 2010 Cisco and/or its affiliates. All rights reserved. 19
  • 20. • Network integrity is critical to long distance vMotion Nexus 1000V • Security vSphere • Quality of Service Layer-2 extension across • Network Monitoring DCs with Nexus 7K OTV Cisco Nexus • Troubleshooting 7000 Series • Nexus 1000V provides these critical network functions across data centers Nexus 1000V vSphere O T V Cisco Nexus 7000 Series Design Guides: Virtual Workload Mobility (aka Long-distance vMotion) Cisco, VMware and EMC (with 1000V and VSG)OTV: Overlay Transport Virtualization Cisco, VMware and NetApp (with 1000V and VSG) © 2010 Cisco and/or its affiliates. All rights reserved. 20
  • 21. Solution Nexus Nexus 1010 Virtual 1000V Security Gateway vBlock  FlexPOD   Virtual Desktop  Implicit  Support Virtual Multi-tenant  Implicit Planned DC (VMDC) support Long-distance  Implicit  vMotion support PCI 2.0  Implicit  support© 2010 Cisco and/or its affiliates. All rights reserved. 21
  • 22. VMware Product Nexus 1000V support vSphere 4 R vSphere 5 R (with stateless ESX) VMware View R VMware vCloud Director R* * Full integration planned in 4Q CY11© 2010 Cisco and/or its affiliates. All rights reserved. 22
  • 23. Cisco Nexus 1010 VSM VSM VSG NAM VSM DCNM© 2010 Cisco and/or its affiliates. All rights reserved. 23
  • 24. • Dedicated appliance hosting Nexus 1000V virtual supervisor modules Virtual Service Blades (VSB)• Network Analysis Module (NAM) VSB• Additional VSBs*: VSG, DCNM VSM VSM VSG NAM VSM DCNM UCS C200 M1 Physical Appliance: • 2 * Intel X5650- 2.66GHz, 6 core • 1 * Broadcom Quadport GbE 5709 NIC Card • 4 * 4 GB RDIMMs RAM • 1 * Serial Port • 2 * 500GB SATA-II HDD • 1 * Rail-Kit© 2010 Cisco and/or its affiliates. All rights reserved. DCNM: 4QCY11 25
  • 25. VSM on Virtual Machine VSM on Nexus 1010 1000V VM VM VM VM VM VM VM VSM x 1 Nexus Nexus 1000V 1000V Server Server 1000V VSM x 4 Cisco Nexus 1010 Physical Switches Physical Switches© 2010 Cisco and/or its affiliates. All rights reserved. 26
  • 26. VSM as VM VSM on Nexus 1010 Nexus 1000V features and scalability   VEM running on vSphere 4 Enterprise Plus   NX-OS high availability of VSM   Software-only deployment  Installation like a standard Cisco switch  Network Team owns/manages the VSM © 2010 Cisco and/or its affiliates. All rights reserved. 27
  • 27. Optimize Application Performance and Network Resources VM VM VM VM • Application Performance Monitoring • Traffic Analysis and Reporting Nexus Applications, Host, Conversations, VLAN, 1000V QoS, etc. VEM Per-application, per-user traffic analysis vSphere • View VM-level Interface Statistics • Packet Capture and Decodes • Historical Reporting and Trending ERSPAN NAM Virtual Blade on NetFlow Nexus Nexus 1000V vCenter VSM 1010© 2010 Cisco and/or its affiliates. All rights reserved. 28
  • 28. Virtual Security Gateway(VSG)© 2010 Cisco and/or its affiliates. All rights reserved. 29
  • 29. Traditional Data Center Virtual/Cloud Data Center VDC-1 APP OS Hypervisor VDC-2 FW WAN ADC/ Opt SLB • Application-specific • Virtual appliance form factor services Virtual • Dynamic instantiation/provisioning • Form factors: Service • Service transparent to VM mobility Appliance Node • Support scale-out Switch module (VSN) • Large scale multitenant operation© 2010 Cisco and/or its affiliates. All rights reserved. 30
  • 30. Redirect VM traffic via VLANs Apply hypervisor-based to external (physical) firewall virtual network services Web App Database Web App Database Server Server Server Server Server Server Hypervisor Hypervisor VLANs Virtual Contexts VSN VSN Virtual Service Nodes Virtual Service Nodes Traditional Service Nodes© 2010 Cisco and/or its affiliates. All rights reserved. 31
  • 31. Features• Secure segmentation with zone-based FW• VM-level granularity with context-aware rules• Virtual Network Management Center: Centralized policy-based managementBusiness Benefits• Operational simplicity• Deployment flexibility• Performance optimization• Consistent security policy compliance and auditing Virtual Security Gateway on Nexus 1000V with vPath© 2011 Cisco and/or its affiliates. All rights reserved. 32
  • 32. Virtual Security Gateway for Nexus 1000V Content-based, Virtualization-aware, Multi-tenant, Workload Segmentation for Data Centers and Clouds VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V vPath Distributed Virtual SwitchVSG VSG(Stand-by) (active) Secure Segmentation Efficient Deployment (VLAN agnostic) (secure multiple hosts) Transparent Insertion High Availability Log/Audit (topology agnostic) © 2010 Cisco and/or its affiliates. All rights reserved. 33 VNMC: Virtual Network Management Center
  • 33. Virtual Security Gateway for Nexus 1000V Content-based, Virtualization-aware, Multi-tenant, Workload Segmentation for Data Centers and Clouds VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V vPath Distributed Virtual SwitchVSG VSG(Stand-by) (active) Secure Segmentation Efficient Deployment Dynamic policy-based (VLAN agnostic) (secure multiple hosts) provisioning Transparent Insertion High Availability Log/Audit (topology agnostic) © 2010 Cisco and/or its affiliates. All rights reserved. 34 VNMC: Virtual Network Management Center
  • 34. Virtual Security Gateway for Nexus 1000V Content-based, Virtualization-aware, Multi-tenant, Workload Segmentation for Data Centers and Clouds VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V vPath Distributed Virtual SwitchVSG VSG(Stand-by) (active) Secure Segmentation Efficient Deployment Dynamic policy-based (VLAN agnostic) (secure multiple hosts) provisioning Transparent Insertion Mobility aware High Availability Log/Audit (topology agnostic) (policies follow vMotion) © 2010 Cisco and/or its affiliates. All rights reserved. 35 VNMC: Virtual Network Management Center
  • 35. Virtual Security Gateway Intelligent Traffic Steering with vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM 4 Nexus 1000V vPath Distributed Virtual Switch Decision VSG Caching 3 Initial Packet 2 Flow Access Control 1 Flow (policy evaluation) Log/Audit© 2010 Cisco and/or its affiliates. All rights reserved. 36
  • 36. VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V vPath Distributed Virtual Switch VSG ACL offloaded to Nexus 1000V (policy enforcement) Remaining packets from flow Log/Audit© 2010 Cisco and/or its affiliates. All rights reserved. 37
  • 37. • No need to deploy virtual services on every host • Plan CPU capacity indepently across application workloads & virtual services • Simpler to deploy with multiple operations teams (server, network,© 2010 Cisco and/or its affiliates. All rights reserved. security, etc.) 38
  • 38. Rule   Source Destination Action Condition ConditionCondition© 2011 Cisco and/or its affiliates. All rights reserved. ACE: Access Control Entry 39
  • 39. Rule   Source Destination Action Condition Condition Attribute Type NetworkCondition VM User Defined vZoneVM Attributes Network Attributes Operator OperatorInstance Name IP Address eq memberGuest OS full name Network Port neq Not-memberGuest OS Host name gt ContainsParent App Name ltCluster Name rangeHypervisor Name Not-in-rangeResource-pool PrefixPort Profile NameZoneCisco and/or its affiliates. All rights reserved.© 2011 Name ACE: Access Control Entry 40
  • 40. Virtual Network Management Center (VNMC) Tenant A Tenant B VDC VDC vApp vApp vPath Nexus 1000V vSphere Specify zoning policy with the appropriate granularity  Tenant, VDC, vApp, Resourse Pool© 2010 Cisco and/or its affiliates. All rights reserved. 41
  • 41. VM VM VMVM VM VM VMVM VM VM VMVM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Database Servers Dev Servers Exchange Servers VM VM VMVM VM VM VMVM VM VM VMVM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM QA Servers Training Servers R&D Servers If vm-name contains “TRNG”, that VM belongs to TRNG zone Source Destination Protocol Action Zone=TRNG Zone=TRNG Any Permit Any Zone=TRNG Any Permit Zone=TRNG Any Any Drop© 2010 Cisco and/or its affiliates. All rights reserved. 42
  • 42. • Persistent virtual workspace for Server Zones the doctor Healthcare Portal Records Database Application• Flexible workspace for Doctor’s assistant Virtual Security Gateway (VSG)• Maintain compliance while supporting IT consumerization HVD Zones IT Admin Assistant Doctor GuestLeverage VM context (eg VM-name)to create VSG security policies ASA iT Admin NetworkReference Implementation: Guest• Includes: 1000V and VSG Doctor• Availablity: on CCO Cisco AnyConnect © 2011 Cisco and/or its affiliates. All rights reserved. 43
  • 43. Web Client Permit Only Port 80(HTTP) Permit Only Port 22 (SSH) Block All External Access of Web Servers to Application Servers to Database Servers Web-Zone Application-Zone Database-Zone Web App DB Server Web Server App Server DB Server Server Server Only Permit Web Servers Only Permit Application Servers Access to Application Servers Access to Database Servers© 2010 Cisco and/or its affiliates. All rights reserved. 44
  • 44. Simple yet powerful VM security management Scalable Multi Tenant Different Customers, different needs Stateless Security Profiles Expandable Simple, policy based security config Partitionable XML API 3rd party integration ready Integrated Automated Role Based Access Controls Different users, different privileges, LDAP/AD AuthN Virtual Security Nexus 1000V &vCenter Gateway Port profiles refer to security profiles Dynamic provisioning One stop configuration of network & security VNMC GUI Virtual Network Management Center© 2011 Cisco and/or its affiliates. All rights reserved. 45
  • 45. © 2010 Cisco and/or its affiliates. All rights reserved. 46
  • 46. Securing Tenant Edgeof Multi-tenant Cloud Data Center• Proven Cisco Security…Virtualized vCenter Physical – virtual consistency Virtual Network Management Center (VNMC)• Tenant A Tenant B Collaborative Security Model VDC VDC vApp VSG for intra-tenant secure zones Virtual ASA for tenant edge controls VSG VSG VSG vApp• Seamless Integration VSG With Nexus 1000V & vPath Virtual ASA Virtual ASA• Scales with Cloud Demand vPath Nexus 1000V Multi-instance deployment for horizontal vSphere scale-out deployment© 2010 Cisco and/or its affiliates. All rights reserved. 47 *Technology previewed at VMWorld 2011
  • 47. Secure, Scalable Segmentation for Cloud VLAN VLAN A BSecurity GW vApp1 vApp2 GW Web Web Isolation for every application VM VM VXLAN VXLAN 11 21 App AppScale VM VM VXLAN VXLAN 16M LAN Segments DB 12 22 DB VM VM Scalable segmentationStandards-based for multi-tenant cloud Submitted to IETF with VMware, Citrix, RedHat and others© 2010 Cisco and/or its affiliates. All rights reserved. 48
  • 48. VMW Cloud Orchestration vCloud Director vShield Manager VMW Network Stack VMW – Cisco Network Cisco Network Stack Stack (beta: Sept 2011) (future) Overdrive (Cisco Network Mgmt) vShield Edge vShield Edge (Security) (Security) Virtual ASA (Security) vSwitch Nexus 1000V Nexus 1000V vSphere Cisco Unified Computing System Continue future innovations across virtual/hypervisor and physical security© 2010 Cisco and/or its affiliates. All rights reserved. 49
  • 49. © 2010 Cisco and/or its affiliates. All rights reserved. 50
  • 50. Latest Releases Product CCO Links (August 2011) • SW Download Nexus 1000V 1.4a • Documentation www.cisco.com/go/1000v 4.2(1)SV1(4a) • Screencasts Nexus 1010 1.3 • SW Download www.cisco.com/go/1010 4.2(1)SP1(3) • Documentation Virtual Security Gateway • SW Download 1.2 (VSG) • Documentation 4.2(1)SV1(2) www.cisco.com/go/vsg • Screencasts Virtual Network • SW Download Management Center 1.2.1 • Documentation (VNMC) • Screencasts www.cisco.com/go/vnmc© 2010 Cisco and/or its affiliates. All rights reserved. 51
  • 51. 13 Feature Description / Benefit Now up to 6 Virtual Service Blades Can now host VSMs, VSGs, and NAM* in various (VSBs) combinations; for example: • Up to 6 VSMs • Up to 6 VSGs VSG 1.2 as a VSB on 1010 Decouples VSG VM from the production workload environment Virtual service blade export/import Simplifies management VSM backup/restore Enables DR planning Support for NAM v5.1 Diagnose VM-to-VM traffic Multi-Gb/s throughput Greater performance; reduced packet loss Redundant power supply Order w/ 1010 or as FRU Long-distance (DC-to-DC) vMotion Span up to 100 km to another DC for load support balancing and/or DR© 2010 Cisco and/or its affiliates. All rights reserved. *NAM can be instantiated only on one VSB 52
  • 52. 12 Feature Description / Benefit Expanded VM-attribute support for policy • Guest-OS Hostname (e.g. for firewall controls enforcement based on VDI PC hostname) • ResourcePool folder (e.g. for quarantining a mis- behaving VM) VSG as a virtual blade on Nexus 1010 • Ease of deployment ( Network admins don’t have to rely on Server admins to deploy VSG) vPath Ping (between VSG and VEM) • Ease of troubleshooting TCP reset policy action for rules • Reset action, in addition to permit/deny/log Long-distance (DC-to-DC) vMotion • Enable DRS (Dynamic Resource Scheduling) support across distributed data centers© 2010 Cisco and/or its affiliates. All rights reserved. 53
  • 53. Feature Description / Benefit Single-page policy editor • Author entire security profile from one page Expanded VM-attribute support for policy • Guest-OS Hostname (e.g. for firewall enforcement controls based on VDI PC hostname) • ResourcePool folder (e.g. for quarantining a mis- behaving VM) TCP reset policy action for rules • Reset action, in addition to permit/deny/log Per-tenant dashboard • Show all the tenant VSGs in one window Ability to export policy objects into a pdf/xls • Ease of operation. This is in addition to xml (text) export document Auto-populate of attribute values during • Ease of policy configuration security policy rule creation Configurable VNMC UI Time-out for login • Ease of operation Fault drill-down for VSG • Ease of troubleshooting (Event, Fault & Alarm views for error-handling) Additional Usability Enhancements • Helpful tool-tips • Multi-selection tables (to choose from multiple entries) • Sorting option for tables • Improved use of screen real-estate etc.© 2010 Cisco and/or its affiliates. All rights reserved. 54
  • 54. © 2010 Cisco and/or its affiliates. All rights reserved. 55
  • 55. • CCO Links 1000V: www.cisco.com/go/1000v 1010: www.cisco.com/go/1010 VSG: www.cisco.com/go/vsg VNMC: www.cisco.com/go/vnmc vWAAS: www.cisco.com/go/waas NAM on 1010: http://www.cisco.com/en/US/products/ps10846/index.html (or www.cisco.com/go/nam) • My Cisco Community: www.cisco.com/go/1000vcommunity • Deployment Guides Nexus 1000V Deployment Guide Nexus 1000V on UCS – Best Practices Nexus 1010 Deployment Guide VSG Deployment Guide • White papers: Nexus 1000V and vCloud Director N1K on UCS Best Practices Nexus 1000V QoS White paper (draft) VSG and vCloud Director (draft) vWAAS Technical Overview, vWAAS for Cloud-ready WAN Optimization© 2010 Cisco and/or its affiliates. All rights reserved. 56
  • 56. • vBlock with Nexus 1000V • FlexPOD with Nexus 1000V and Nexus 1010 • Virtual Multi-tenant Data Center with Nexus 1000V • Virtual Desktop 1000V and VMware View 1000V and Citrix XenDesktop 1000V and VSG in VXI Reference Architecture • Virtual Workload Mobility (aka Long-distance vMotion) Cisco, VMware and EMC (with 1000V and VSG) Cisco, VMware and NetApp (with 1000V and VSG) • PCI 2.0 with Nexus 1000V and VSG© 2010 Cisco and/or its affiliates. All rights reserved. 57
  • 57. Date Business Track Topics Webinar Preso Q&A Date Technical Track Topics Webinar Preso Q&A Nexus 1000V/10103/22 Play PDF PDF Nexus 1000V v1.4 Features & Overview and Update Install Overview 3/29 Play PDF PDF Virtual Network (Installation Screencasts Services: Virtual Service Link) Datapath (vPath), Network4/05 Play PDF PDF Analysis Module (NAM), Virtual Application Nexus 1010 Overview & Best 4/12 Play PDF PDF Acceleration (vWAAS) Practices Virtual Security Gateway (VSG) Overview Virtual Security Gateway4/19 Play PDF PDF 4/26 Play PDF PDF (VSG) Technical Overview (Installation Videos: Link) Journey to the Cloud w/ Nexus 1000V Key Features 5/10 Play PDF PDF5/03 N1KV: vCloud Director & Play PDF PDF Overview Long Distance vMotion 5/24 Nexus 1000V Troubleshooting Play PDF PDF Secure Virtual Desktop with5/17 Play PDF PDF Nexus 1000V & VSG Long Distance vMotion with 7/27 Play PDF Nexus 1000V and VSG PCI Reference Architecture 8/10 with Nexus 1000V and Play PDF Virtual Security GatewayWebinar Link: www.cisco.com/go/1000vcommunity© 2010 Cisco and/or its affiliates. All rights reserved. 58
  • 58. Date Technical Track Topics Webinar Preso Q&A Nexus 1000V, VXLAN, and 10/05 Register vCloud Director Virtualized Multi-Tenant Data 10/12 Register Center (VMDC) Nexus 1010 v1.3 - Whats 10/19 Register New? Virtualized Workload Mobility 10/26 Register - Latest Design Guidance UCS and Nexus 1000V - 11/02 Register Best Practices Virtual Security Gateway 11/09 Register (VSG) v1.2 - Whats New?© 2010 Cisco and/or its affiliates. All rights reserved. 59
  • 59. • N1K Download and 60-day Eval: www.cisco.com/go/1000vdownload• N1K Product Page: www.cisco.com/go/1000v• N1K Community: www.cisco.com/go/1000vcommunity• N1K Twitter www.twitter.com/official_1000V• N1K Webinars: www.tinyurl.com/1000v-webinar• N1K Case Studies: www.tinyurl.com/n1k-casestudy• N1K Whitepapers www.tinyurl.com/n1k-whitepaper• N1K Deployment Guide: www.tinyurl.com/N1k-Deploy-Guide• VXI Reference Implementation: www.tinyurl.com/vxiconfigguide• N1K on UCS Best Practices: www.tinyurl.com/N1k-On-UCS-Deploy-Guide© 2010 Cisco and/or its affiliates. All rights reserved. 60
  • 60. • Hands on labs available for Nexus 1000V and VSG in Cloud Lab https://cloudlab.cisco.com• Open to all Cisco employees• Customers/Partners require sponsorship from account team for access via CCO LoginID• Extended duration lab licenses for 1000V and VSG are available upon request© 2010 Cisco and/or its affiliates. All rights reserved. 61
  • 61. Thank you.