TechWiseTV Workshop: APIC-EM
•Download as PPTX, PDF•
2 likes•15,531 views
Hope you did not miss our deep dive: Cisco APIC-EM: IT Speed and Simplicity Through Automation Ronnie Ray walked through Cisco's purpose-built enterprise controller. Purpose build to help you move to software-defined networking (SDN) that works both on existing networks and on new infrastructure. Watch and Listen to the workshop replay at cs.co/6017Bl8Kb (check out the Digital Network Architecture episodes Part 1 and 2 at http://www.techwisetv.com) You will learn how Cisco engineers created the world’s best network automation controller, which provides enterprise resiliency and scale, an open and extensible platform, and a full suite of policy-driven SDN applications. You’ll learn about multiple time-saving apps that cover the complete network service lifecycle and drive policy enforcement consistently across the enterprise to make sure of zero-touch infrastructure deployment, quality of experience, and rapid troubleshooting. Moving to software-driven networking is the future. Join us and find out how to start your journey today.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to TechWiseTV Workshop: APIC-EM
Similar to TechWiseTV Workshop: APIC-EM (20)
More from Robb Boyd
More from Robb Boyd (20)
Recently uploaded
Recently uploaded (20)
TechWiseTV Workshop: APIC-EM
- 1. Cisco APIC-EM Automation Platform Ronnie Ray April 20, 2016
- 2. Ronnie Ray Sr. Director, Product Management ranray@cisco.com Cisco APIC-EM Automation Platform Driving IT Speed and Simplicity Through DNA Automation
- 3. Network Requirements for the Digital Organization Insights and Experiences Drive Business Innovations Security and Compliance Real-time and Dynamic Threat Defense Automation and Assurance Speed, Simplicity, and Visibility The Network Helps Enable Digital Business
- 4. Automation Abstraction & Policy Control from Core to Edge Open & Programmable | Standards-Based Open APIs | Developers Environment Cloud Service Management Policy | Orchestration Virtualization Physical & Virtual Infrastructure | App Hosting Analytics Network Data, Contextual Insights Network-enabled Applications Cloud-enabled | Software-delivered Cisco DNA Innovations New! Enterprise NFV Branch Service Virtualization Controlled Availability, May 2016 New! New! Available on DNA-Ready Infrastructure through Cisco ONE Software APIC-EM Automation Platform Completely New Platform Available Now Base Automation: Plug and Play, Path Trace Available Now Policy Services: IWAN App & Easy QoS Available Now CMX Cloud Presence Analytics and Connect Available Now
- 5. Automation Drives Operational Efficiency and Agility Time IT spends on operations CEOs are worried about IT strategy not supporting business growth80% 57% 0 100% CAPEX OPEX 33% 67% 0 10 100 1000 Computing Networking Seconds “…While other components of the IT infrastructure have become more programmable and allow for faster, automated provisioning, installing network circuits is still a painstakingly manual process...” —TechTarget/Network Evolution, April 2015 Network Expenses Deployment Speed
- 6. Transformative Change in How Networks are Built Result: DIY IT Process Automation Will Make Way for SDN Applications DIY ASSEMBLY AND INTEGRATION READY TO GO Faster Time to Market and Lower OpEx
- 7. Applications SDN Abstracts the Network for Policy Based Control SecurityOrchestration Automation Collaboration SOUTHBOUND ABSTRACTION LAYER CATALYST NEXUS ASRISR WIRELESSASA REST API OTHER SDN Ideal: Controller as the Application Platform SDN Controller as the Application Platform for Policy Automation Virtualization
- 8. APIC-EM • User and things centric policy abstraction • Simplification of complex network configuration with embedded Cisco best practices • Supports existing and new devices • Virtual (ISO) or appliance-based delivery Ready-to-deploy applications: IWAN Plug and Play (PnP) Path Trace EasyQoS ESA Cisco DNA Automation Platform for WAN and Access Networks BENEFITS: Brownfield Support Ready-to-use-Applications Open Northbound API
- 9. Network Specific Control APIC EM Vision Resolves Declarative Business Intent Renders into Domain-Specific Language Application/User/Business Driven Policies “Only corporate-owned devices in Group:FinExec can access quarterly results DB” Dynamic segmentation based on user/time/location/device
- 10. Functional Roles of Cisco APIC-EM Control Path and priority optimization based on network wide policy application Programmability Open REST API’s for powerful NB policy programmability for app development or integration Abstraction Complete abstraction of network wide devices and technologies agnostic of SB protocols Automation Massive simplicity and ease of use through from zero touch provisioning to day N operations
- 11. Automation: Plug and Play Lower deployment costs 79% ” Plug and play means no more IT engineers in the field – faster time to market and dramatically lowered costs. “ New! Eliminates Staging Truck Roll Cloud-Based Plug and Play Plug in and Cloud Provision Order Controller-Based Management Cisco ONE Foundation SWIIM
- 12. How it Works: Cisco PnP Application Plug & Play Enterprise-wide scale Automated workflow 79% lower deployment costs Pre-provision1 Discovery2 Secure Deployment3 Discovery1 Un-claimed Devices2 Secure Deployment3 Network PnP app pre-provisioned with device SR number Configure device discovery • DHCP Option-43 or DNS • Installer powers on devices • Devices download image and configuration • Installer powers on devices • Devices securely connect to APIC-EM server, waiting to be ‘claimed’ • Network admin claims devices based on device information • Device downloads image and configuration Configure device discovery • DHCP Option-43 or DNS Network PnP app on APIC-EM Admin EM DHCP Server DNS Server OR PnP-Agent PnP-Agent EM Device Authentication Download Image and Configure Installer Network PnP app on APIC-EM Admin EM DHCP Server DNS Server OR PnP-Agent PnP-Agent EM Device Authentication Download Image and Configure Installer
- 13. Policy Service: IWAN Automation Optimal Branch Experience Made Easy Faster deployments85% IWAN automation eliminates tedious configuration tasks for advanced networking features. I can configure IWAN with just 10 GUI clicks. “IWAN Momentum Intelligent Path Control Highly Secure Connectivity Application Optimization Transport- Independent 200+ deployments running up to 2500 sites Zero-Touch Rollout Set Application Policy Gain Visibility and Tune Point and Click Troubleshoot Simple Workflows IBM ”
- 14. How it Works: Cisco IWAN Application
- 15. Policy Service: EasyQoS Implements QoS in 250 ms Enhance Collaboration Experience 300% 50% Reduction in voice jitter Video quality improves Improved Application Experience with No Operator Intervention ” The EasyQoS App reduces deployment times for network-wide QoS dramatically. We can now respond to changing application needs via policy-based automation within minutes or even seconds. “ New! Select from Predefined Policies Automated Deployment of QoS config Optimized for Any Infrastructure Cisco ONE Foundation Edeka
- 16. How it Works: Cisco EasyQoS Application Client A calls client B1 2 3 Calls end1 2 3 Optimal Experience Dynamic QoS in < 1s Reduce voice jitter by 300% 50% improvement for video traffic RESTAPIRESTAPI Cisco® UCM calls APIC-EM to set up policy Cisco UCM calls APIC-EM to set up policy QoS policy enabled on network device QoS policy enabled on network device EM EM
- 17. Software Control: Enterprise NFV Cisco’s approach to network functions virtualization (NFV) delivers the elasticity to invoke innovative capabilities in an optimal way – whenever, wherever, and with whatever capacity they are required. Deploy Validated Designs in Minutes “ ” New! Full Software Stack to Increase Branch Agility Central Orchestration Management SDN: APIC-EM with Enterprise Service Automation Freedom of Choice Hardware: Cisco UCS® E- and C-Series | COTS Software Intelligence over Hardware Virtualization Layer: NFV Infrastructure Software Consistent, trusted network services Virtual Network Functions (VNFs): Cisco® and Third Party Computacenter
- 18. Cisco Enterprise NFV and ESA Network Services in Minutes, on any Platform
- 19. How it Works: Cisco Enterprise NFV Automation APIC-EM with Enterprise Service Automation vRouter vFirewall vWAN optimization vWLAN controller Cisco® ISR, UCS E-Series Cisco UCS® C-Series x86 server Third-party services Select your network functions 1 Select your preferred infrastructure 2 Orchestrate and automate services 3 IT Agility Run on any platform Elastic service scale Deploy in minutes EM
- 20. Cisco Path Trace: Flow Visibility
- 21. DNA Enabler: Cisco APIC-EM with Plug and Play Enterprise NFV • 3-6 months • Costly onsite visits • 3-6 days • No service calls Cisco DNA Business Benefit: Time to Market for a New Branch Rollout
- 22. DNA Enabler: Cisco EasyQoS Collaboration QoE with Nectar • Several months for manual changes on QoS • Varied user experience • <1 sec for dynamic network update • 300% lower jitter • 50% improved video Cisco DNA Business Benefit: Employee Productivity: Collaboration and Training
- 23. What Cisco DNAAutomation Delivers Simplicity Network-wide abstraction supporting both Greenfield and Brownfield Cost Reduction OPEX reduction through adoption of Cisco best practices Speed of Business Outcomes Dynamic network that adapts to business intent policy Open Programmability Open NB REST API’s with agnostic SB interfacing
- 25. Thank you for watching.
Editor's Notes
- This cover slide should be updated with current information and left on screen as people log in. - Replace ‘Topic’, ‘Guest Speaker’ , ‘Date’
- There are three major IT priorities for IT to lead digital transformation in their respective organizations Faster Innovation – digital demands businesses to differentiate customer experience and re-define models quickly. Yet only 30% of digital projects will succeed [Cisco study]. This is partly because IT processes are slow and costly and new technologies are being developed faster than they can be adopted. Reduce Cost and complexity – over time the network has grown complex and our customers are spending 2-3 times more on OpEx than CapEx which is unsustainable in a digital world where there growing numbers of devices, apps, users, threats and static IT budgets. Lower Risk and Meet Compliance – mobility and cloud by definition increase the attack surface of business, there is no perimeter … and it take 80 days to detect threats and even longer to remediate while 60% of data is stolen in the first few hours. All this while strict new regulations like the European Data Protection and Affordable Care Acts are being introduced. How does the network need to evolve to enable growing business needs? As we said before, the network connects all things digital. But let’s discuss how it needs to evolve to address IT priorities for digital. The network needs to enable faster innovation by delivering Deep Insights on users behaviors, application performance, and threats, so the business can take Immediate Action to optimize factors like employee productivity, customer experience, and daily processes -- all around BUSINESS innovations and new differentiating or disrupting models. For example, in order to Personalize Experiences it needs to deliver context relevant information like what users and devices are on the network and where. And this is possible when the network has visibility and can deliver the analytics, helping businesses make better decisions faster. The network can tell a bank a VIP client has entered a store or what promotions are driving store front conversion or how well expensive real-estate is being utilized (CMX and CMX Cloud, available now). Or the network can see no users are on premises, and lower energy usage of lighting, HVAC, etc. (Digital Ceiling, available Feb 2016). As IoT solutions becoming more pervasive, we’ll see the network share information with applications to drive decisions. Example, Schindler Elevators are running their IoT app over the network to capture analytics on service elevators so they can proactively determine when to send technicians on site. (Non-pubic use case). Today we collect data through devices using CMX, Prime, Lancope; by end of CY16, we will have a Network Data Platform based in the Cloud that will collect rich network data and provide in a structured database with open APIs that customers and partners can tap into for supporting business decisions. To sustain the increasing devices, apps and services, while reducing cost and complexity the network needs to deliver automation and service assurance. This will allow IT to get a branch office running quickly, or roll out new services and applications faster with efficiency and optimal experience. The focus here is IT agility, providing capabilities that allow speed at the lower costs. Cisco provides deep visibility into users and applications, and with controller innovations, we are fully abstracting the network and providing simple workflows following Cisco best practices, so IT can focus on business intent, and allow the controller enforce the policies dynamically. Security continues to be a top priority for business and IT leaders! We know 69 percent of customers are less likely to do business with a breached organization. Also, maintaining compliance is difficult to sustain and less than 1/3 of companies remain compliant more than a year [Verizon PCI Compliance; 2012], opening themselves up to fines and legal procedures. The network needs to contain risk through integrated security services that rapidly detect and mitigate threats. Here the network – touching all things digital – can provide Security Everywhere and Consistently Enforce Compliance so that it acts as both a sensor and enforcer all the way from the clients to the cloud. We all can agree, all these network requirements are very critical to supporting a Digital Organizations, and are the objectives of the Digital Network Architecture, that moves the network beyond a platform of connectivity to a platform for insights, automation and security. However, while business leaders fully acknowledge the importance of the network in enabling digital, less than 10% of enterprises implementing digital business have very clear integration between their network and digital business strategies. (Source: Gartner). Let’s discuss why this is the case. (go to evolution of networking software)
- As I said, we announced DNA last week, and apic-em is a vital proof point. Apic-em is the automation engine for enterprise networks, and check out the new applications, we’re innovating at a jesse owens pace here, and yes I just saw the movie an liked it, track and field is my favorite sport. Sorry I deviate - If you saw the apic-em launch in late October, you will know we announced a couple of shrink-wrapped apps with apic-em, and coinciding with DNA, we have added a few more apic-em application to the portfolio – namely easy-qos as well as improvements to the iwan app and plug and play app. With DNA we have also announced the virtualization of several network functions and hence an orchestration function for those is needed, which we deliver with the new apic-em enterprise services automation app. We shall talk about all these a bit later. DNA services are delivered through Cisco ONE Software model, that is consumed in a very flexible and easy way.
- April 2015 Vol 6/ No. 3 “WAN 2.0: Say goodbye to network provisioning delays” http://searchnetworking.techtarget.com/ezine/Network-Evolution/WAN-20-Say-goodbye-to-network-provisioning-delays
- SWM, an EFT customer for PnP, spends around $100 per 2960C for installation via a partner – Low end Access Rolls Royce Engines pays $6000 per access switch installation and deployment through their partner British Telecom – 3850 Access Kaiser Permanente spends $$ > cost of switch for day0 installation & configuration - 3850 Access Per customer conversations, access device installation cost varies, based on switch, router, AP, partner’s involvement, etc. Range is $200 - $2000
- Plug & Play Enterprise-wide Scale Automated workflow with no pre-configuration required 79% Lower Deployment Costs
- Enable Device with Zero Touch Set Policy base on Business Intent Point and Click to Troubleshoot Get Visibility Into Your Network Optimize Capacity Protect Your Applications Plug in UCB and Turn On Enable Policy on Controller Get Visibility on Your Network Look at Performance of Application Fine Tune Your Policy Understand Apps in Your Network Group Based on Business Intent (Critical) Set Right Policy (this link and this bandwidth) Available February Deployments: Multi-link / 3G/4G (new Feb28) Pilot deployment * 2+ Datacenters Troubleshooting * Robustness * Qos troubleshooting Compliance
- Key benefits: No need to open a wide UDP port-range for marking ACLs (Avoid Abuse & Vulnerabilities) No Need for DPI at the edge to accurately identify traffic type Classification becomes application-aware and specific, yet lightweight Support wireless & BYOD devices without client software upgrades Supports brownfield deployment, no need to forklift existing HW Simple and easy to deploy, operator just express business relevance for applications and controller does the rest under-the-hood End-to-end QoS provisioning can be done in minutes (vs months) leveraging tried and tested Cisco Validated Designs Cisco Advantage Unlike competition, Cisco’s SDN QoS solution works with existing hardware and software Can be delivered without any major surgery to the network Device-level knowledge of QoS tools, capabilities etc is no longer required by Operator to deploy QoS end-to-end enterprise wide Can implement dynamic QoS in a multi-tier campus (access, distribution, core) in as little as 250 ms Can achieve toll-quality voice from BYOD devices by reducing voice jitter by up to 300%. Similarly video quality can be improved by over 50%
- Reduces Deployment and Operational costs through automation Standardization of the network design, making it easy to troubleshoot issues Zero touch deployment of a branch in a box ITIL process alignment enable network deployment to fit with IT operating model End to end design and deployment of branch services Easy to augment new services in a branch as the use cases for the branch changes
- now let’s talk about the enterprise services automation application for apic em. Enterprise Network function virtualization shall have its very own webinar. But think about it – now you can define how you consume functions such as an adaptive security firewall –also known as asa- or wan optimization was services, or a wireless lan controller, or a virtual router … and you’ll see more and more 3rd party virtual network functions come up, which could be orchestration agents or others. Anyhow, you have these functions you can invoke. Clearly, you need an orchestration tool to invoke them. That is exactly what the enterprise services automation app does. You automate and standardize according to company and Cisco best practices. Through its GUI, ESA provides intuitive ways for designing services for bringing up branch networks . Cisco Enterprise Service Automation aids with orchestration, automation of processes, and service chaining of virtual and physical branches. It reduces the time taken to provision multiple branches simultaneously from what usually takes months to just minutes. ESA workflows align with ITIL processes, providing ways for user-created network designs for initial service provisioning and service upgrades. A key principle of the Cisco Digital Network Architecture is enabling IT to virtualize all network services and decouple software from hardware to provide IT freedom of choice to run any service on any platform. Cisco Enterprise Network Functions Virtualization (Enterprise NFV) is a powerful solution to run network services on both physical and virtual devices, including the Infrastructure Software, Virtualized Network Functions and Orchestration.
- Use case: Branch Agility/New Site Rollout Many organizations have distributed operations – banks, retailers, professional services, hotel, etc. Before DNA, it could take 3-6 months to get a site up and running once a lease is signed. With DNA, we can dramatically reduce time to market and operational costs by avoiding expensive onsite visits and driving productivity. Automation and Virtualization are key areas of innovation. APIC EM with Plug and Play means IT can automate Day 0 operations. Equipment doesn’t need to be touched before it is sent to a branch site. When the un-configured device is plugged in on site, it automatically call back to APIC EM through DNS or DHCP, identifies itself through “Trustworthy Systems” capabilities that ensures no tapering of the device, and notifies IT remotely so IT can securely push across the credentials. Also, some customer may be looking for great flexibility to run network services. Enterprise NFV allows them to deploy services on servers already in the branch to deliver capabilities like routing, firewall, wireless LAN controller, and WAN opt.
- Employees depend on applications to get they work done, and today’s global organizations heavily rely on voice and video for collaboration and training. As more applications move to the cloud, maintaining visibility and control has been challenging, and the growth in application traffic has challenged IT to maintain the SLAs business require. Leveraging QoS in theory could help, but deploying it consistently across all segments of the network is tricky and requires months of manual and error prone changes – leaving employees with varied user experience that directly impact their productivity. With DNA, we leverage APIC and the EasyQos App to dynamically update the network to ensure IT can deliver a differentiated app experience. And with our partnership with Nectar, APIC know if CUCM or MS Lync calls are occuring, and within 250 milliseconds – before you can get the receiver to your ear – has already update the QoS markings across the network, and later removes it after your call is complete. The result have been outstanding – providing toll quality voice with 300% lower jitter and 50% improved video performance.