
Cisco at VMworld 2015


  1. Bridging Applications and Infrastructure Through Policy. Srini Kotamraju, Director, Product Management. 9/1/2015. Application Centric Infrastructure
  2. © 2013-2014 Cisco and/or its affiliates. All rights reserved. “Bare Metal” | VM Density and Server I/O | Multi Cloud | “Big Data” DATA. Data Center Demands for the Cloud-Era. LOWER TCO | WORKLOAD FLEXIBILITY | AGILITY | COMPLIANCE/SECURITY. 75% Physical Servers1 | 10G LAN on Motherboard2 | ~45% of DC Multi-Hypervisor3 | 25% CAGR IP Traffic4
  3. Cisco Confidential. ©2014 Cisco and/or its affiliates. All rights reserved. Evolve the network infrastructure to be an enabler for faster application deployment.
  4. Introducing: Application Centric Infrastructure. APPLICATION ORIENTED POLICY = OPERATIONAL SIMPLICITY. Open + Secure | Apps + Infrastructure | On-Premises + Cloud | Physical + Virtual
  5. Application Centric Infrastructure Components. Rapid Deployment of Applications onto Networks with Scale, Security and Full Visibility. Application Centric Policy Controller NEXUS 9500, 9300 and AVS ACI F/W ADC ADC WEB APP DB
  6. Data Center Automation and IT Collaboration. Today: Serialized Configuration and Management. MANUAL PROCESS LEADS TO INCREASED DEPLOYMENT TIMES. NETWORK COMPUTE SERVICES SECURITY. Application Requirements | Policy Violation | Configuration Mismatch | Successful Deployment. ARCHITECT DESIGN COMPUTE Service Request SERVICES SECURITY NETWORK Application Available Deployment Trigger
  7. Two Types of Languages. Infrastructure Language | App Language | Human Translator. • Application Tier Policy and Dependencies • Security Requirements • Service Level Agreement • Application Performance • Compliance • Geo Dependencies • VLAN • IP Address • Subnets • Firewalls • Quality of Service • Load Balancer • Access Lists
  8. Data Center Automation and IT Collaboration. ACI: Common Policy Framework and Operational Model. Application Policy. CLOUD APPLICATION COMPUTE NETWORK STORAGE SECURITY. POLICY-BASED AUTOMATION. Application Requirements: Defined set of application requirements. Team builds application policy and template. Operations team deploys with minimal risk and maximum speed. ARCHITECT DESIGN Service Request Application Available Deployment Trigger
  9. A new common language to describe desired state is needed.
  10. An Innovative Approach to Policy. Provided Contract | Provided Contract | Provided Contract. OUTSIDE DB APP WEB ADC F/W ADC. What is an application policy? (1) Group: A set of virtual or physical workloads with the same policy. (2) Contracts: A set of rules governing communication between groups. (3) Service Chains: A set of network services between groups.
  11. Policy is Business Relevant. • Application Centric Infrastructure (ACI) allows the entire infrastructure to take commands in a business-relevant language. “Let my app servers talk to my web servers.” 1. “Figure out where app lives in physical net” 2. “Trunk VLAN 112 to switch 22.” 3. “Add route….” 4. “Plumb ports 7-12…” 5. “Configure ACL…” 6. “Apply QoS…” 7. Repeat every time app moves or needs more capacity. ACI Policy Aligned with Applications. Traditional Policy Aligned with ….?
  12. Application Policy Infrastructure Controller. Embracing SDN and Going Beyond. POLICY: Centralized Application-Level Policy. SECURE: Authentication, Role-Based Access, Audit. VISIBILITY: System-Wide Visibility, Telemetry, Health. OPENNESS: Open Source / APIs / Standards. EXTENSIBLE: Hypervisors, L4-7 Services. Shipping Since Aug 2014. Centralized Point of Management. PHYSICAL / VIRTUAL
  13. Physical Networking | Hypervisors and Virtual Networking | L4–L7 Services | Multi DC WAN and Cloud | Storage | Compute. Simplification—Application Centric Policy. APIC WEB APP DB F/W ADC ADC APP APP APP WEB WEB WEB DB DB DB
  14. Introducing: Application Centric Infrastructure. APPLICATION ORIENTED POLICY = OPERATIONAL SIMPLICITY. Open + Secure | Apps + Infrastructure | On-Premises + Cloud | Physical + Virtual
  15. APP MOBILITY | APP VISIBILITY. Operational Simplicity—Physical, Virtual and Cloud. PHYSICAL VIRTUAL PHYSICAL VIRTUAL. TENANT Health Score Systems Telemetry 0 Packets dropped Latency Isolation 0 0 0 7. APP Health Score Systems Telemetry 25 Packets dropped Latency Isolation 0 0 0 6
  16. VIRTUALIZATION COMPUTE STORAGE. VCLOUD AUTOMATION CENTER. Cisco ACI: VMware vCenter. HYPERVISOR. Infrastructure Admin | Tenant Creation | Resource Reservation | Data Collection | Fabric Groups | IAAS Policies | Service Catalog. VLAN | VXLAN | VLAN, VXLAN. APIC + VCENTER. DISTRIBUTED VIRTUAL SWITCH (DVS) | VSHIELD | APPLICATION VIRTUAL SWITCH (AVS). VM DISCOVERY: LLDP | VM DISCOVERY: LLDP | VM DISCOVERY: OPFLEX
  17. Cloud Automation - ACI with vRealize. ACI Integration with vRealize for vSphere Deployments. vRealize Automation | vRealize Orchestrator. ACI Policy Driven vRealize Automation Blueprints To Accelerate Application Deployment. Day Zero Operations | Day 1 / Day 2 Operations. ✓ Shared Services Plans ✓ Virtual Private Cloud ✓ Networks, Subnets, Security ✓ Fabric Bring-up ✓ Infrastructure provisioning ✓ Security Domains. Demo
  18. ACI: OpenStack. Red Hat Enterprise Linux: KVM. Host 1 OVS | Host 2 OVS | Host 3 OVS | Host 4 OVS. APIC Plugin | OVS Plugin | Neutron Networking | Controller Node | REST API. ACI FABRIC COMPUTE STORAGE. ACI Fabric Support for RHEL OpenStack. APIC Plugin + OVS for Policy Instantiation. Extend ACI Policy Constructs to Neutron. Certified, Integrated Deployable ACI Solution For RHEL OS. Evolution of ACI Network Concepts to Open Source Community. Accelerate Deployment of Applications on Open Solutions
  19. ACI FABRIC. HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR. AGILITY: Any Application, Anywhere—Physical and Virtual. Application Components Spread Across Multi-hypervisors. F/W ADC COMPUTE STORAGE ADC WEB APP DB WEB WEB WEB WEB WEB APP APP APP DB APP WEB WEB WEB WEB APP APP APP APP DB DB DB DB
  20. Security: ACI Policy Model Enables Broad Segmentation. Enables Flexible Segmentation for Any Workload. LEVEL OF SEGMENTATION / ISOLATION / VISIBILITY. Segment by Application Lifecycle: DEV TEST PROD. Basic DC Network Segmentation: PRODUCTION POD, DMZ, SHARED SERVICES. Per Application-tier / Service Level Micro-Segmentation: WEB APP DB. Network centric Segmentation by VLAN: VLAN 1, VXLAN 2, VLAN 3
  21. Security: Policy Driven Micro-Segmentation. Whitelist, Multi-Tenant Isolation, Service Automation. ACI Services Graph. L4 Distributed Stateless Firewall. Security Via Service Graph. L4-7 Security Services (physical or virtual, location independent). Servers (Physical or Virtual, Containers, Micro Services). Firewall at Each Leaf switch. Micro-segmentation: VM Attribute Based Grouping and Stateful Firewall. ACI Service Insertion: Advanced Security With Cisco NGFW, FirePower, AMP. Service Graph: Policy Applied Consistently for Any Workload (P, V) At Scale
  22. Advanced Security at Scale. CENTRALIZED SECURITY ACROSS PHYSICAL AND VIRTUAL. Automate Compliance, Centralized Audit. Visibility, Analytics, Forensics. Policies Track Workloads. Lifecycle Management. Security Expressed in Application Language. VM VM VM VM VM
  23. Cisco ACI: Network Services. Physical and Virtual. Host 1 OVS | Host 2 OVS | Host 3 OVS | Host 4 OVS. ACI FABRIC. VIRTUAL F/W ADC QoS. VI Admin. SERVICE INSERTION. SERVICE CHAINING. LIFE CYCLE MANAGEMENT. Application Deployment
  24. Introducing: Application Centric Infrastructure. APPLICATION ORIENTED POLICY = OPERATIONAL SIMPLICITY. Open + Secure | Apps + Infrastructure | On-Premises + Cloud | Physical + Virtual
  25. ACI: OpFlex. SDN Controller | OVSDB. Centralized Intelligence. Complicated / Low Agility / High OPEX. Low-level Features / High Maintenance. Controller Does Not Scale. TRADITIONAL SDN MODEL (IMPERATIVE) | ACI MODEL (DECLARATIVE). APIC Policy Manager. L4-7 Services | Routers | P/V Switch. Intelligence Everywhere. Simple / Geared for Speed. Interoperable / Built for Innovation. Scalable and Resilient. No Standard Protocol Exists | OpFlex
  26. APIC. Built Around Open APIs, Open Source. Automation | Enterprise Monitoring | Systems Management | Orchestration Frameworks | OVM | Hypervisor Management | Applications. OPFLEX | Device Package API: L4-L7 Scripting | OPFLEX | Open Fabric Attached Device API … NORTHBOUND PROGRAMMABILITY LAYER | SOUTHBOUND PROGRAMMABILITY LAYER. OPFLEX
  27. Introducing: Application Centric Infrastructure. APPLICATION ORIENTED POLICY = OPERATIONAL SIMPLICITY. Open + Secure | Apps + Infrastructure | On-Premises + Cloud | Physical + Virtual
  28. Business Continuity and Disaster Recovery. On Premise | PRIVATE CLOUD | PUBLIC CLOUD. CLOUD BURSTING | DISASTER SCENARIO | BACKUP REPLICATION. Backup / Replication | Disaster Scenario. Status: LOW PRIORITY | Status: HIGH PRIORITY. Transfer: SCHEDULED | Transfer: IMMEDIATELY
  29. Open: Choice and Investment Protection. Hypervisors | L4-L7 Services | Management | Security | Storage. RICH ECOSYSTEM. RESTful APIs, Python etc. OPERATIONAL MODELS. Scripting/Languages | IT Automation | Open Source. Integrated ACI Approach. OpFlex. Automate. APPLICATION | OPEN AND SECURE | PHYSICAL AND VIRTUAL. OPERATIONAL CHOICE—SERVICE PROVIDER, ENTERPRISE, COMMERCIAL CLOUD
  30. Thank you.
  31. Performance, Scale: Fastest 40G Platform. $ Multi-million Savings. 40/100G on Existing Cables. 2.8X Better Reliability. 15% Better Power and Cooling. Open Source / APIs / Standards. Python, PowerShell, Puppet, Chef … 1011 0010. Programmable DC Networking for The Next Decade. *100G Ready. Standalone / ACI Ready. Nexus 9000 1/10/40/100G*
  32. ACI: Enabling Secure Hybrid Cloud. ACI: Enterprise Cloud | PRIVATE CLOUD | ACI: Provider Cloud | InterCloud | PRIVATE CLOUD | SP MANAGED | SP HOSTED | PUBLIC CLOUD | UTILITY CLOUD. Consistent Policy | Workload Mobility | Open Framework. Policy Consistency Across Enterprise, Cloud. Common Management Across Private and Provider Clouds. Transparent Application Migration at Layer-2. Cloud Bursting, Disaster Recovery. Choice of Provider Clouds and Services. Hypervisor Agnostic Application Deployment
  33. Host 1 | Host 2 | Host 3 | Host 4. Network Virtualization? PHYSICAL NETWORK. Network Admin: Challenged by Scale, Reliability, Complexity, Visibility. Gateways Gateways. Only Has Visibility into the Virtual Layer. VI Admin. Gateways Gateways. VIRTUAL. VI Admin. ESSENTIALLY RE-INVENTING THE NETWORKING OVER AGAIN—ONLY VIRTUAL. Gateways Gateways
  34. Data Center Automation – Manual versus Policy Driven. Design it | Procure it | Install it | Configure it | Secure it | Is it ready? | Architect it. Design it | Is QA’d | Is procured | Is installed | Is configured | Is secured | It is ready | Architect it. ACI Policy Driven. ARCHITECT DESIGN COMPUTE Service Request SERVICES SECURITY NETWORK Application Available. ARCHITECT DESIGN Service Request Application Available. QA it
  35. Goal: Application Agility. Virtual Compute | Virtual Storage. VIRTUALIZATION. Network | Network | Compute | Storage
  36. Goal: Application Agility. HOW DO WE MAKE INFRASTRUCTURE SMART TO RESPOND TO APPLICATION NEEDS? Simplicity | App Aware | Automation. Network | Network | Compute | Storage
  37. ACI Hypervisor Integration: VMware DVS. VIRTUAL. Virtual Distributed Switch. VI Admin. HYPERVISOR HYPERVISOR. WEB APP DB WEB APP DB. 1 Cisco APIC and VMware vCenter Initial Handshake; 2 Create VDS; 3 Attach Hypervisor to VDS; 4 Learn location of ESX Host through LLDP; 5 Create Application Policy; 6 Automatically Map EPG To Port Groups; 7 Create Port Groups; 8 Instantiate VMs, Assign to Port Groups; 9 Push Policy (Lazy). vCenter. WEB PORT GROUP | APP PORT GROUP | DB PORT GROUP
  38. APIC OpFlex Agent. ACI Hypervisor Integration—MSFT SCVMM. 1 Cisco APIC and MSFT SCVMM Initial Handshake; 2 Create Virtual Switch; 3 Attach Hypervisor to Virtual Switch; 4 Learn location of HyperV Host through OpFlex; 5 Create Application Policy; 6 Automatically Map EPG To VM Networks; 7 Create VM Networks; 8 Instantiate VMs, Assign to VM Networks; 9 Push Policy. VIRTUAL. Hypervisor Virtual Switch. HYPERVISOR HYPERVISOR. WEB APP WEB APP DB. MSFT SCVMM. WEB VM NETWORK | APP VM NETWORK | DB VM NETWORK. APIC Admin | APIC OpFlex Agent | SCVMM Admin. Q2 CY 15
  39. ACI FABRIC. Microsoft System Center | R2 w/ Service Provider Foundation. Azure Pack GUI. Cisco ACI: Microsoft System Center / Azure Pack. Websites, Apps, Database, VMs, ACI. Provider Portal | Consumer Self-Service Portal. Websites | VMs | SQL | Service Bus | Future Services. Policy Management: APIC / Azure Pack. VM Discovery: OpFlex. Encapsulation: VLAN in Q2 CY15 (VXLAN, NVGRE in future). Zero touch network provisioning. Service Insertion (Physical / Virtual). ACI PROVIDER SERVICE. OpFlex Driver. Q2 CY 15
  40. ACI FABRIC COMPUTE STORAGE. Microsoft Private Cloud Solutions. Converged ACI Stack for Microsoft Applications. Fully Integrated, Pre-Built Solutions. Seamless Workload Mobility. Expedite Application Rollout. Deep Automation and Infrastructure Programmability. Cisco + Microsoft Validated Designs. Single Pane Of Glass. Optimized Workload Performance. Deep Visibility into Microsoft Virtual and Non-Virtual Environment. Flexibility of Microsoft Software and Performance of ACI Hardware. Simplified Application Deployment. Future
  41. ACI Hypervisor Integration—RHEL OpenStack. 1 Create Application Network Profile; 2 Automatically Push Network Profiles to APIC; 3 Create Application Policy; 4 Instantiate VMs; 5 Push Policy. VIRTUAL. HYPERVISOR HYPERVISOR HYPERVISOR. WEB APP WEB APP DB WEB APP DB. APIC Admin. NOVA NEUTRON. OpenStack Tenant. ACI FABRIC COMPUTE STORAGE. F/W ADC ADC WEB APP DB
