Cisco Virtual Network Management Center - Interop NY 2012 Presentation


Published in: Technology, Education


  1. Cisco Virtual Network Management Center (VNMC): Device and Policy Management of Cisco Network Virtual Services. Ranga Maddipudi, Technical Marketing Engineer. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
  2. Agenda:
     • Problem Statement and Vision
     • N1K, VSG, ASA1000V Overview
     • VNMC Benefits and Differentiators
     • Resources
  3. Requirements:
     1. Network policy must follow VM migration (across racks, pods, and data centers)
     2. Administrators must view or apply network and security policy to locally switched traffic
     3. Administrators need to maintain segregation of duties while helping ensure nondisruptive operations
     4. Organizations need a VLAN-agnostic solution to decrease complexity and enhance scalability
     [Diagram labels: Port Group, Security Administration, Server Administration, Network Administration]
  4. IT-as-a-Service Requires a New Management Approach
     [Diagram: layered management stack; labels include Business Applications and IT Services, Self-Service Portal and Orchestration, Service Catalog, On-Demand Provisioning, Lifecycle Management, Infrastructure Resource Management, and Pooled Resources (Compute, Storage, Network)]
  5. VNMC vision:
     • Lower TCO by having a single integrated development
     • Common UX and operational flows
     • Common model to enable federated access to Cisco network virtual services in the cloud
     • API-accessible abstraction layer simplifies cloud infrastructure management for customers and partners
     • Addressing Enterprise and Service Provider needs in a self-contained multi-tenant environment
     • Part of the N1K architecture, manages the VSG and ASA1000V security products
  6. • Accelerate virtualization and multi-tenant cloud deployments
     • Integrated into VMware vSphere hypervisor
     • Provides advanced virtual machine switching
     • vPath and VXLAN technologies
     • Built on Cisco NX-OS
     • Provides: policy based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model
     [Diagram labels: VMs, 1000V VEM, vSphere, Server, 1000V VSM, Physical Switches]
  7. Virtual Security Gateway (VSG):
     • Context aware Security: VM context aware rules
     • Zone based Controls: Establish zones of trust
     • Dynamic, Agile: Policies follow vMotion
     • Best-in-class Architecture: Efficient, Fast, Scale-out SW
     Virtual Network Management Center (VNMC):
     • Non-Disruptive Operations: Security team manages security
     • Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy
     • Designed for Automation: XML API, security profiles
  8. • Built using Cisco® ASA infrastructure
     • Interoperability with Cisco VSG through service chaining
     • VXLAN gateway
     • Multi-tenant management through Cisco VNMC
     Features: IPsec VPN (site to site), NAT, DHCP, Default gateway, Static routing, Stateful inspection, IP audit
  9. • Proven Cisco® security: virtualized physical and virtual consistency
     • Collaborative security model
       - Cisco Virtual Secure Gateway (VSG) for intra-tenant secure zones
       - Cisco ASA 1000V for tenant edge controls
     • Transparent integration
       - With Cisco Nexus® 1000V Switch and Cisco vPath
     • Scale flexibility to meet cloud demand
       - Multi-instance deployment for scale-out deployment across the data center
     [Diagram labels: Cisco® Virtual Network Management Center (VNMC), Tenant A, Tenant B, VDC, vApp, Cisco VSG, Cisco ASA 1000V, Cisco vPath, Cisco Nexus® 1000V, Hypervisor]
  10. • Multi-Tenant: Different customers and different needs
      • Security Profiles: Simple, policy-based security configuration
      • Stateless XML API: Ready for third-party integration
      • Role-Based Access Controls: Different users and different privileges
      • Cisco Nexus® 1000V and VMware vCenter: Port profiles refer to security profiles
      • Dynamic Provisioning: One-stop configuration of network and security
      Created to manage virtualization-specific workflows
      [Side labels: Scalable, Expandable, Partitionable, Integrated, Automated]
  11. • Single tenant can have up to three organizational sublevels
      • Each sublevel can have multiple organizations
      • Overlapping network addresses across tenants are supported
      [Diagram: organization hierarchy with columns Tenant Level, vDC Level, vApp Level, Tier Level; nodes Root, Tenant A, Tenant B, DC 1, DC 2, DC 3, App 1, App 2, Tier 1, Tier 2, Tier 3]
  12. Cisco® VNMC Administrator Roles; Tenant-Level Access
  13. [Topology diagram; labels as extracted:] 192.168.200.20 Tradeshow Outside SYN Floods 172.25.108.0 Client TenantA Outside: 192.168.200.15 NAT IP: 192.168.200.11 .87 ASA 1000V Static NAT Inside: 192.168.100.15 192.168.100.0 .20 .10 .11 .12 Web VSG Win 7 Client Db Server Server .86 .75
  14. [Slide contains no text]
  15. Cisco.com
      • Cisco VNMC: www.cisco.com/go/vnmc
      • Cisco® ASA 1000V: www.cisco.com/go/asa
      • Cisco Nexus® 1000V: www.cisco.com/go/1000v
      • Cisco VSG: www.cisco.com/go/vsg
      Cisco Support Community
      • Extensive training materials and VODs on various VNMC topics are available at the Cisco Support Community: https://supportforums.cisco.com
  16. Thank you.
