Cisco Cloud Definition

8/6/2019 Cisco Cloud Definition

1/72

Colin Li

Customer Solution Architect

Cisco Asia Pac SP CTO office


2/72

Agenda

Cloud Building Blocks

Cloud Strategy

Orchestration Architecture

Questions


3/72

Data Centre Evolution

Where does the journey begin?

Application

Silos

Zones of

Virtualisation

External

Cloud ServicesApps

Servers

Network

Private Internal

Cloud Services

StandardizeConsolidate

VirtualizeAutomate

Self-ServiceCentralize

From silosto Dynamic Data Centre and IT as a service

Storage


4/72

Data Centre Evolution

From Virtualisation to IaaS

Lower costs

Pay as you go

Faster time-to-market

Always on availability

Data security and privacy

Lower carbon footprint

Business Needs

Traditional Virtualised

Data Centre

ITaaS

Virtualized + Multi-Tenant

Secure multi-tenancy

Service automation and

management

Data mobility

Integrated data

protection & security

Higher asset utilization

Infrastructure Needs

+ Automated + Self-Service


5/72

The ChallengePain in Orchestration and IT Management

90% of breaches are from

80% of downtime caused by poor

change management

Costs 3X more to manage a device than

to buy one

nown vu nera es

Application releases are late

60% of the time

Source: Industry

Analysts


6/72

Agenda


Cloud Strategy


Questions


7/72

Virtualized Multitenant Data Center 2.0Replicable Building Blocks

DCI/ POD Interconnect Cisco DCI Options

Orchestration/ Portal

Application Key App validation to

accelerate adoption

System tools; Utilityconsumption models (BMC, ..)

Compute/

Virtualization

Storage

NetworkAccess

POD

-

OTV/ LISP change the game

Cisco POD options

General purpose

HFT/ HPC

Partner specific efforts

VMware, MSFT

EMC, NetApp

et.al.

Compute/

Virtualization

Storage

NetworkAccess

Network

Services

POD

Network

Services


8/72

Orchestration Reference ArchitectureService Consumer Cloud Admin

Web

Portal

Service Management

Metering Operational

Enterprise

Tenant Admin

GovernanceService

Access Management

& Billing Processes

Compute

Storage

Network

Compute

Storage

Network

Service Provider

Catalog

Compute

Storage

Network

Compute

Storage

Network

Compute

Storage

Network

Compute

Storage

Network

Resource Management

CMDBAutomation VirtualizationOrchestration


9/72

Network

Containers

PODS

Virtual Datacenters

Isolated for Tenants/Workloads

Cloud ResourcesCloud Resources

Location A Location B


10/72

Customer Red

Customer Green

IP/NGN

Backbone

Core

WAN Edge

PhysicalInfrastructure

(shared)

Virtual Networks

(per tenant)

Network Containers

WebDB App

WebDB App

Aggregation

Services

Compute


11/72

Network Container Blueprint

WAN

(MPLS,P2P)

Internet

Private Public

FW FW

LB LB

Internet-Based

Consumer

Tenant

Premise

11

Web App Database Web App Database


12/72

Agenda


Cloud Strategy


Questions


13/72

13


14/72

14


15/72

15


16/72

16


17/72

17


18/72

18


19/72

19


20/72

20


21/72

21


22/72

22


23/72

23


24/72

24


25/72

25


26/72

26


27/72

27


28/72

28


29/72

29


30/72

30


31/72

31


32/72

32


33/72

33


34/72

34


35/72

35


36/72

36


37/72

Agenda


Cloud Strategy


Questions


38/72

Chan e Mana ement

Cloud Orchestration using BMCCLM

Service Request Management

(SRM)

Cloud

Extensions

My Services

Portal

r um rc es ra or

BBSABBNA

(Remedy ARS)

m)

d Ci R l ti hi E l ti


39/72

BMC BladeLogic OEM

Resale wins begin

BMC and Cisco Relationship Evolution

BMC Blade Logic and Major joint cloud

service rovider win

Expanded Strategic

Alliance

Announcement

Dec. 2010

BMC CLM 1.01

Go-to-Market,

Service Engagement

Models Developed

BMC

ProactiveNetPerformance

Mgmt & Compliance

OEM Agreement140 Joint OEM Customers10 Joint Cloud Wins

5 Major Service Provider Wins

6 Federal Agency Wins

Healthy Pipeline of Joint Opportunities

BMC BladeLogic and

UCS Announcement

20112009 2010


40/72

404040 2003, Cisco Systems, Inc. All rights reserved.Presentation_ID


41/72

EndEnd toto End Logical TopologyEnd Logical Topology


42/72

Customer Red

Customer Green

Customer Blue

L3

L3

IP/NGN

Backbone

CoreCore

L3

L3

WAN EdgeWAN Edge

EndEnd--toto--End Logical TopologyEnd Logical Topology

CEBranch or

Campus network

PE

L3 or L2 VPN

Access

Each tenant contained in a

unique VRF

L2

L3

VLANVLAN per application tierper application tier

WebData

baseApp

WebData

baseApp

WebData

baseApp

vPC Layer 2 Trunks

AggregationAggregation

Tenant VRF maps to unique

VLANs

Vlan/VRF maps to unique

Virtual FW/load-balancer

Network Containers


43/72

Network Containers

Pre-Packaged Network Services

LB, 1 VLAN

Bronze

System Configs

Multiple VLANs

SLB & SSLoffload

Multiple VLANs

SLB & SSLoffload

Silver

VPN OffloadFirewall

Gold/Platinum

43

Virtual FW + pVLANs

Shared VMFS,

No Data Protection

Virtual FW + pVLANs

Dedicated VMFS,

DP via Snapshots

System Configs

Virtual FW + pVLANs

Dedicated VMFS,

100% DP, Cloning


44/72

Cisco/BMC

44

Relationship

Th Ch ll


45/72

The Challenge

Pain in Orchestration and IT Management

90% of breaches are from

80% of downtime caused by poor

change management

Costs 3X more to manage a device than

to buy one

nown vu nera es

Application releases are late

60% of the time

Source: Industry

Analysts


46/72

BMCs Industry LeadershipIT Service Mgmt, Automation=> Cloud

Shared VisionPublic, Private, Hybrid Clouds

IaaS to SaaS, Multi-Vendor

46

Complementary SolutionsSynergy w/Ciscos wire once

Unified Service Delivery DC arch

Platform for Innovation

Rapid IT Service Innovation & DeployOngoing policy / event based mgmt



47/72

BMC BladeLogic OEM

Resale wins begin


BMC Blade Logic and Major joint cloud

service rovider win

Expanded Strategic

Alliance

Announcement

Dec. 2010

BMC CLM 1.01

Go-to-Market,

Service Engagement

Models Developed

BMC ProactiveNetPerformance

Mgmt & Compliance

OEM Agreement

140 Joint OEM Customers10 Joint Cloud Wins

5 Major Service Provider Wins

6 Federal Agency Wins

Healthy Pipeline of Joint Opportunities

BMC BladeLogic and

UCS Announcement

20112009 2010

Services Portfolio


48/72

Services Portfolio

What Can CloudDo for My Business?

Costs? ROI?

Process Impact?

How Do We Realize OurCloud Architecture

On-Time, Within Budget, and

in Our Environment?

How Do We Ensure CloudEvolution and Ongoing

Cost Reduction?

What Architecture MaximizesVirtualization, Orchestration

Speed, and Designs Chargeback

Capability?

Cloud

Implementation

Service

Cloud

Optimization

Service

Cloud Strategy

Service

Cloud Planning

and Design

Service

Technology and security

Operations w/ tools

Business case Chargeback approach

Services Catalog

Program and architecture

management offices

Technology, security,

tools, facilities

SLA and chargeback design

Transition planning


management offices

Technology, security, tools,

facilities

Orchestration integration

Workload migration

Staging and validation


management offices

Architectural reviews

Security audits

Cost reduction exercises Process improvements

Tool customization

Day-2 support

Assess Strategy Design Implement & Integrate Optimize via

AccelerateTime to Value

World Class ExpertiseWorld Class Presence

Proven Delivery Capability

Delivering Unique Cisco

Insight


49/72

Cloud Reference

49

2.0)

Virtualized Multitenant Data Center 2.0


50/72

Virtualized Multitenant Data Center 2.0Replicable Building Blocks

DCI/ POD Interconnect Cisco DCI Options

Orchestration/ Portal

Application Key App validation to

accelerate adoption

System tools; Utility

consumption models (BMC, ..)

Compute/

Virtualization

Storage

Network

Access

POD

-

OTV/ LISP change the game

Cisco POD options

General purpose

HFT/ HPC

Partner specific efforts

VMware, MSFT

EMC, NetApp

et.al.

Compute/

Virtualization

Storage

Network

Access

Network

Services

PODNetwork

Services


51/72

Technology Architecture Topology View


52/72

WAN

Internet

CoreVirtual

Servers

Virtual

Network

Virtual

SecurityStorage Compute Services Agg

Edge

ServicesAccess

Virtualization & Separation designed at each Layer

WAN Edge

MPLS

Core

Technology Architecture Topology View

OOB Management Connectivity

Element Management, Orchestration, Federated CMDB

VMWare Nexus1000V Virtual

Appliances

MDS UCS

ASA

ACE

WAF

IPS

Nexus

7000

Nexus

7000

WAASIronPort C

IronPort S

VPN

NAT

Services Appliance/Module

AggregationVDC

Access

ChassisHost

Virtual Context

VRF VLAN pVLAN

Server VM OS App

Encrypti

on


53/72

VMDCArchitectureScalable, repeatable and homogeneous constructs

Compact POD Large POD

Minimum Maximum

VMs 2,048 12,288

Servers 64 384

Minimum Maximum

VMs 16,384 98,304

Servers 512 3072

NASNAS

SANSAN

NASNAS

SANSANUCSUCS UCSUCS

1 6

NexusNexus

Network Containers


54/72

Pre-Packaged Network Services

LB, 1 VLAN

Bronze

System Configs

Multiple VLANs

SLB & SSLoffload

Multiple VLANs

SLB & SSLoffload

Silver

VPN OffloadFirewall

Gold/Platinum

54

Virtual FW + pVLANs

Shared VMFS,

No Data Protection

Virtual FW + pVLANs

Dedicated VMFS,

DP via Snapshots

System Configs

Virtual FW + pVLANs

Dedicated VMFS,

100% DP, Cloning

Sample Platinum Network Container:


55/72

p

Logical View

WAN

(MPLS, P2P)Internet

Private Zone Public Zone

L2L VPN

RA VPN

FW FW

LB LB

Teleworker

Internet-

Based

Consumer

Tenant

Premise

Internet-

Based

PrivateConsumer

55

vSecAppliancevSecAppliance vSecAppliancevSecAppliance vSecAppliancevSecAppliance

Sub-Zone1 Sub-Zone2 Sub-Zone3

vSecAppliancevSecAppliance vSecAppliancevSecAppliance vSecAppliancevSecAppliance

Management Back-End

vSecAppliancevSecAppliance vSecAppliancevSecAppliance vSecAppliancevSecAppliance vSecAppliancevSecAppliance vSecAppliancevSecAppliance vSecAppliancevSecAppliance

Sub-Zone1 Sub-Zone2 Sub-Zone3

IP/MPLSLarge Pod DC


56/72

Aggregation/Access

10GE

FCoE

FCCore

Nexus 7010

Nexus 7018

Wan/EdgeCRS-1

EMCVMAX

Large Pod DC

OutsideVRF

40G40G

Agg/Access

Services

VirtualAccess /

Compute

SAN

Nexus 7018

Nexus1000

DSN Cat 6500FWSM, ACE,

ASA5580

MDS9500

UCS bladechassis

UCS 6140

ESXi

Inside VRF

40G 40G

Compact Pod DC


57/72

IP/MPLS

Aggregation

10GE

FCoE

FC

Nexus 7010

Wan/Edge

Cat 6500

EMCVMAX

p

Outside

VDC

20G20G

Sub-Agg

Services

VirtualAccess /

Compute

SAN

Nexus 7010

Nexus1000

DSN Cat 6500FWSM, ACE,

MDS9500

UCS bladechassis

UCS 6120

ESXi

Inside VDC

40G 40G

Access Nexus 5020

Orchestration Reference Architecture


58/72

Orchestration Reference ArchitectureService Consumer

Cloud AdminWeb

Portal

Service Management

Metering Operational

Enterprise

Tenant Admin

GovernanceService

Access Management

& Billing Processes

ComputeStorage

Network

ComputeStorage

Network DC Interconnect

Service Provider

Catalog

ComputeStorage

Network

ComputeStorage

Network

ComputeStorage

Network

ComputeStorage

Network

Resource Management

CMDBAutomation VirtualizationOrchestration

Orchestration Service Lifecycle


59/72

Service

Service

Catalog

Define Service

CustomerSelf-Service

Portal

IT and Line of

Business

Request Service

Management

AutomatedProvisioning

Service RequestManagement

PhysicalServers

VirtualServers

Network

StorageCloud

PerformanceManagement

ComplianceManagement

Operations

Metering &Chargeback



60/72

Chan e Mana ement


Service Request Management(SRM)

Cloud

Extensions

My Services

Portal

r um rc es ra or

BBSA

BBNA

(Remedy ARS)m)


61/72

Details - Network

61

onta ner

Customer Red

EndEnd--toto--End Logical TopologyEnd Logical Topology

CE


62/72

Customer Red

Customer Green

Customer Blue

L3

L3

IP/NGNBackbone

CoreCore

L3

L3

WAN EdgeWAN Edge

CEBranch or

Campus network

PE

L3 or L2 VPN

Access

Each tenant contained in a

unique VRF

L2

L3

VLANVLAN per application tierper application tier

WebData

baseApp

WebData

baseApp

WebData

baseApp

vPC Layer 2 Trunks

AggregationAggregation

Tenant VRF maps to unique

VLANs

Vlan/VRF maps to unique

Virtual FW/load-balancer



63/72

Chan e Mana ement

g

Service Request Management(SRM)

Cloud

Extensions

My Services

Portal

r um rc es ra or

BBSABBNA

(Remedy ARS)m)

Network Container Benefits

Logical Topology


64/72

Network Container Benefits

Step 2 & 3:

Bulk VM create

Step 1:

Create

Networ

k

Contai

nerService Provider

MPLS Backbone

Provides the customer with a

fully segmented environment

Elimination of administrative

errors through serviceautomation

Removal of manual resource

Customer 2Customer 1

Step Optional:

Load Balancer

Pool Create

Customer 1

Logical Topology

web appdb

64

Step 2 & 3:

Bulk VM create

Individual VM

create

create

Step 1:

Create

Network

Container

Physical Topology

tracking Reduction in service

deployment time

Minimizing coordination of

technologies between silos Abstraction of complexities

from the user

Self Provisioning

Step Optional:

Load Balancer

Pool Create

Customer 2

Logical Topology

web appdb

Resource Management: Four


65/72

Types of ResourcesResource Type Description

Subnet Pool Pools of subnets

IP Address Pool Pools of IP addresses (/32)Context Pool Pools of device contexts (FWSM, LB)

VLAN Pool Pools of VLANs

65

Release

Request What is the request ID for the

allocated Resource and the associated networkcontainer

Resource Pools


66/72

Resource Pools

Resource Category Start End Scope

PUB_IO_VLAN VLAN 601 609 AGG,VSS,FWSM

PUB_II_VLAN VLAN 611 619 VSS,FWSM,ACE,SUB-AGG

PUB1_VLAN VLAN 621 629 UCS,N1K,N5K,SUB-AGG,VSS,ACE



66

_ _ ,

PRIV_IO_VLAN VLAN 701 709 AGG,VSS,FWSM

PRIV_II_VLAN VLAN 711 719 VSS,FWSM,ACE,SUB-AGG

PRIV1_VLAN VLAN 721 729 UCS,N1K,N5K,SUB-AGG,VSS,ACE



AGG_FT_VLAN VLAN 771 779 AGG

SUBAGG_FT_VLAN VLAN 781 789 SUB-AGG

PRIV_VRF VRF

PUB_VRF VRF

Resource Pools: Continued


67/72

Resource Pools: ContinuedResource Category Start End Scope

PUB_INFRA_I

P Subnet Pool 172.31.11.0/24 172.31.19.0/24 AGG,SUB-AGG,ACE,FWSM

PUB1_IP Subnet Pool 172.31.21.0/24 172.31.29.0/24 SUB-AGG



PRIV_PE_IP Subnet Pool 172.31.51.0/24 172.31.59.0/24 PE,AGG

PRIV_INFRA_I

P Subnet Pool 172.31.61.0/24 172.31.69.0/24 AGG,SUB-AGG,ACE,FWSM

PRIV1_IP Subnet Pool 172.31.71.0/24 172.31.79.0/24 SUB-AGG



67

_

AGG_FT_IP Subnet Pool 172.31.101.0/24 172.31.109.0/24 AGG

SUBAGG_FT_I

P Subnet Pool 172.31.111.0/24 172.31.119.0/24 SUB-AGG

PREMISE_IP Subnet Pool 172.29.1.0/24 172.29.9.0/24 PE

PUB_AGG1_R

ID_IP IP Address Pool 172.31.253.1 AGG1

PUB_AGG2_R

ID_IP IP Address Pool 172.31.253.2 AGG2

PE_RID_IP IP Address Pool 172.31.253.11 172.31.253.19 PE

PRIV_AGG1_RID_IP IP Address Pool 172.31.253.21 172.31.253.29 AGG1

PRIV_AGG2_R

ID_IP IP Address Pool 172.31.253.31 172.31.253.39 AGG2

PRIV_SUB-

AGG1_RID_IP IP Address Pool 172.31.253.41 172.31.253.49 SUB-AGG1

PRIV_SUB-


PUB_SUB-


PUB_SUB-

Platinum Logical: Variabilized


68/72

at u og ca a ab ed

WAN

(MPLS, P2P)Internet

${runtime.pe_vlan}

${runtime.pe_ip}

${runtime.pub_pool_ip}CE NAT

VRF PRIV_${runtime.customer_id}

68

${runtime.priv_io_vlan}

${runtime.priv_ii_vlan}

${runtime.priv1_vlan}



${runtime.priv_i_ip}

${runtime.priv1_ip}${runtime.priv2_ip}

${runtime.priv3_ip}

HSRP .254

.2

53

.2

52

.250

HSRP .251

.2

49

.2

48.2

48

.2

47.2

46

.2

54 .2

53HSRP .254

.2

52.2

51

${runtime.pub_io_vlan}

${runtime.pub_ii_vlan}

${runtime.pub1_vlan}



${runtime.pub_i_ip}

${runtime.pub1_ip}${runtime.pub2_ip}

${runtime.pub3_ip

HSRP .254

.2

53

.2

52

.2

50

HSRP .251

.2

49

.2

48.2

48

.2

47.2

46

.2

54 .2

53HSRP .254

.252.2

51

Context PRIV_${runtime.customer_id}

VRF PRIV_${runtime.customer_id}

Context PRIV_${runtime.customer_id}

Context PUB_${runtime.customer_

Context

PUB_${runtime.customer_id}

VRF PUB_${runtime.customer_id}

Platinum Logical: Instantiated for


69/72

Tenant1WAN

(MPLS, P2P)Internet

VLAN 791

172.31.51.0/24

10.88.10.50CE NAT

VRF PRIV_TNT001

Internet

69

VLAN 701

VLAN 711

VLAN 721

VLAN 731

VLAN 741

172.31.61.0/24

172.31.71.0/24172.31.81.0/24

172.31.91.0/24

HSRP .254

.2

53

.2

52

.250

HSRP .251

.2

49

.2

48.2

48

.2

47.2

46

.2

54 .2

53HSRP .254

.2

52.2

51

VLAN 601

VLAN 611

VLAN 621

VLAN 631

VLAN 641

172.16.11.0/24

172.31.21.0/24172.31.31.0/25

172.31.41.0/25

HSRP .254

.2

53

.2

52

.2

50

HSRP .251

.2

49

.2

48.2

48

.2

47.2

46

.2

54 .2

53HSRP .254

.252.2

51

Context PRIV_TNT001

VRF PRIV_TNT001

Context PRIV_TNT001

Context PUB_TNT001

Context PUB_TNT001

VRF PUB_TNT001

What Infrastructure Gets


70/72

Automated per Tenant?Device Configuration ElementsAggregation (N7K) PrivateVRF, Port-Channel Sub-Interfaces for Public and

Private, OSPF for Public and Private

Sub-Aggregation

(N7K)

Private and Public VRFs, Port-Channel Sub-Interfaces for

Public and Private, OSPF for Public and Private

-

70

Firewall (FWSM) Private and Public contexts during initial network containercreation. Per-VM rules during FW Console interaction.

LB (ACE-20) Private and Public contexts during initial network container

creation. LB pools and addition of servers during LB

Console interaction.NAT (ASA 5520) NAT entries for Public-facing LB policies

CE ( ISR 2800) Simulated tenant premise: VRF, OSPF, Loopback

UCS 6120 FIC Adding VLAN to vnic templates per tenant service request

Solution Demo


71/72

Solution Demo

71

Documents

Cisco Cloud Definition