Intercloud Fabric: Technical Overview
Ryan Kido Systems Engineer
CCIE #8558
Cisco Confidential 2 © 2014 Cisco and/or its affiliates. All rights reserved.
Agenda
Overview
Architecture
Intercloud Fabric Services
Deployment Considerations
Summary
Why Hybrid?
Striking the perfect balance
(diagram) DC/Private Clouds: fixed workloads; data sovereignty; security control. Provider Clouds: elastic workloads; economics; speed; scale. Hybrid: choice to build / rent across providers; workload portability; consistent security.
Reality of Hybrid Cloud and Key Challenges
Loss of Security Siloed Infrastructure Slow and Complex
• Insecure Connection
• Limited Workload Protection
• Inconsistent Cloud Architectures
• Fragmented Solutions Solving Networking and Security Challenges
• Different Management Tools
• Require App Re-configuration
• Slow and Manual Process of Discovering Infrastructure Dependencies
• No Visibility or Control
Cisco Intercloud Fabric: Solution Overview
(diagram) DC/Private Cloud: end user and IT admin portals; Secure Fabric Extender for network, compute, and storage; hypervisors vSphere, Hyper-V*, KVM*, Xen*.
Intercloud Fabric for Business connects to provider clouds through EC2 APIs and Azure APIs, and through Intercloud Fabric for Providers to the Intercloud Ecosystem of Cisco Powered Services and Cloud Providers.
* Available in subsequent releases
Cisco Intercloud Fabric: Software-based Solution
(diagram: Intercloud Fabric for Business in the DC or private cloud, exposing a GUI and APIs; Intercloud Fabric for Provider in the public cloud, reached through cloud APIs; the hybrid boundary between them)
Making a private cloud application instance transportable to public cloud, conserving its associated policies
(diagram: an ICF Bubble moving from the private cloud to Cloud A, Cloud B or Cloud C)
ICF Bubble
(diagram: a bubble of VMs with their app policy statements, portable across Cloud A, Cloud B and Cloud C)
• ICF Bubble: a group of VMs and associated cloud profiles
• ICF Bubble features: secure and portable across public clouds
• Cloud Profiles: system, security, network and service policies
Cisco Intercloud Fabric Architectural Details
(diagram) DC/Private Cloud, Intercloud Fabric for Business: VM Manager, Intercloud Fabric Director (end user and IT admin portal; workload and fabric management for IT admins and end users), Intercloud Extender, enterprise VMs.
Provider Cloud, Intercloud Fabric for Providers: Intercloud Switch, Intercloud Fabric Services, Intercloud Fabric Provider Platform, cloud VMs.
The Intercloud Fabric Secure Extender (secure network extension) connects the Intercloud Extender in the DC/private cloud to the Intercloud Switch in the provider cloud.
Cisco Intercloud Fabric Director Features
(diagram: Intercloud Fabric Director with the VM Manager in the DC/private cloud, serving IT admins and end users)
• Self-service: end user portal; choice of workload placement
• IT as Cloud Broker: admin portal; policy-based cloud management
• Open: open API for integration with other cloud management platforms
Cisco Intercloud Fabric Secure Extender Features
(diagram: the Intercloud Secure Extender spans the Intercloud Extender in the enterprise and the Intercloud Switch plus Intercloud Fabric Services in the provider cloud, managed by the Intercloud Fabric Director)
• Secure Layer 2 extension to cloud: extend VLAN/VXLAN with TLS tunnel
• Network & security services: inter-VM firewalling and routing
• Flexible application reachability: enterprise IP address or provider IP address
Intercloud Fabric Provider Platform Features
(diagram: Intercloud Fabric Cloud API northbound to Intercloud Fabric for Business; Intercloud Fabric Provider API to the provider OSS/BSS; API translation logic, core logic and tenant DB; Intercloud Fabric Provider Southbound API with VCD adapter, OpenStack adapter, CloudStack adapter and custom adapter to the provider infrastructure)
• Rapid deployment: enable cloud provider to quickly offer hybrid cloud services
• Open API: for integration with cloud provider infrastructure
• Flexible: abstraction over cloud provider infrastructure
• Tenant database: securely stores tenant records and templates
Intercloud Fabric Structure
ICF: A Platform for Cloud Services (hybrid, public and private)
Cross-cloud app portability and mobility: any app on any cloud
• ICF Extended Services: Cisco and/or 3rd party service offerings supporting applications in cloud environments
• ICF Core Services: fundamental service functions and capabilities integrated natively
• ICF Core Infrastructure: fundamental technologies and components that support ICF aaS functions
Intercloud Fabric Structure
Cisco Intercloud Fabric architecture is modularized to achieve the elasticity needed to support evolving cloud environments
• ICF Extended Services + external partners (storage, load balancing, etc.)
• ICF Core Services: Security; Management and Visibility; Automation; Networking; VM Portability
• ICF Core Infrastructure: ICFD; PNSC; ICFPP; Secure Communications
(diagram: the layers span the private cloud (enterprise) and the public cloud (provider))
ICF Core Infrastructure
Fundamental technologies and components that support Intercloud Fabric functions
• Intercloud Fabric Director (ICFD): enterprise tool to manage and orchestrate hybrid clouds
• PNSC: enterprise service orchestration function for private and public services
• ICFPP: cloud provider public cloud management tool
• Secure Communications: site-to-site and VM-to-VM communication technology
ICF Core Services
Fundamental service functions and capabilities integrated natively to ICF and its operation
• Security: VM-to-VM and app-to-app security controls
• Management and Visibility: private and hybrid cloud monitoring capabilities
• Automation and APIs: VM lifecycle capabilities, automated operations and programmatic APIs
• Networking: switching, routing and other advanced network-based capabilities
• VM Portability: VM format conversion and mobility
Core Services: VM Portability
VM portability is the process of converting an existing image from the source cloud format to the destination cloud format, and placing it on the destination cloud with its associated policy.
Value: VMs can be placed on any cloud independently of the origin cloud and hypervisor flavor, while conserving the application-related policies.
Key VM Portability Functions:
• Format Conversion
• Policy Portability and Control
• Driver (Agent)
• Application Instantiation
Intercloud Fabric Services
VM Portability: Migration Across Hybrid Cloud
(diagram: DC/private cloud with VM Manager, Intercloud Fabric Director and Intercloud Extender, joined by the Intercloud Fabric Secure Extender to the provider cloud with Intercloud Switch and Intercloud Fabric Provider Platform)
1. End user triggers VM migration to cloud
2. VM is shut down and the Intercloud Fabric driver is added
3. Image is converted to public cloud format (e.g., AMI) and migrated to public cloud
4. VM is powered up on the public cloud and management continues through Intercloud Fabric Director
ICF VM Image Conversion
Private cloud to public cloud:
1. Import the source image (ISO, RAW, VMDK or OVA) from the VM Manager
2. Install driver and keys, and normalize the image to RAW
3. Convert the RAW image to the provider format (AMI, VHD, VMDK or OVA)
4. Upload the converted image to the provider image storage (datastore)
Public cloud to private cloud:
1. Download the VM image (AMI, VHD, VMDK or OVA) from the provider image storage
2. Convert the cloud image to RAW format
3. Remove driver and keys, and normalize to the private format
4. Download the resulting image (ISO, RAW, VMDK or OVA) to the VM Manager
Core Services: Network Extension
(diagram: enterprise application VM on an enterprise virtual switch access port; Intercloud Extender with enterprise ports, a trunk port and a tunnel port; Intercloud Switch and an application VM with the IC driver behind the provider network switch; Intercloud Fabric Director manages both sides)
1. The application VM in the DC/private cloud sends its data frame to the enterprise VM access port
2. The Intercloud Extender encapsulates the frame (outer MAC/IP/UDP header + L2X tunnel header + data) and sends it through the tunnel port to the Intercloud Switch in the provider cloud
3. The Intercloud Switch strips the outer headers and delivers the frame to the application VM's IC driver in the provider cloud
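The encapsulation described above, as an added example that is not code from the original deck or from Cisco: a Python model of an outer Ethernet/IPv4/UDP header carrying a small tunnel shim plus the original Ethernet frame, together with the checks a receiving switch should apply before handing the inner frame to a VM. The L2X shim layout (version, flags, VLAN id, tunnel id), the UDP port number and all MAC/IP values are assumptions made for this example; the deck does not document the wire format, and the TLS protection it mentions is not modelled here.

```python
import struct

# Header layouts. The L2X shim and the UDP port are assumptions for this example.
ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, ethertype
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # IPv4 without options (IHL = 5)
UDP_HDR = struct.Struct("!HHHH")             # src port, dst port, length, checksum
L2X_SHIM = struct.Struct("!BBHI")            # version, flags, vlan_id, tunnel_id (assumed)
L2X_VERSION = 1
TUNNEL_UDP_PORT = 6644                       # constructed value, not a registered port
OVERHEAD = ETH_HDR.size + IPV4_HDR.size + UDP_HDR.size + L2X_SHIM.size  # 50 bytes


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(inner_frame, src_mac, dst_mac, src_ip, dst_ip, vlan_id, tunnel_id):
    """Wrap a complete Ethernet frame in outer Ethernet/IPv4/UDP + L2X shim."""
    payload = L2X_SHIM.pack(L2X_VERSION, 0, vlan_id, tunnel_id) + inner_frame
    udp_len = UDP_HDR.size + len(payload)
    # UDP checksum 0 means "not computed", which IPv4 permits for UDP.
    udp = UDP_HDR.pack(TUNNEL_UDP_PORT, TUNNEL_UDP_PORT, udp_len, 0)
    total_len = IPV4_HDR.size + udp_len
    fields = [0x45, 0, total_len, 0, 0x4000, 64, 17, 0, src_ip, dst_ip]
    fields[7] = ipv4_checksum(IPV4_HDR.pack(*fields))  # fill the checksum field
    return ETH_HDR.pack(dst_mac, src_mac, 0x0800) + IPV4_HDR.pack(*fields) + udp + payload


def decapsulate(packet):
    """Validate the outer headers and return (vlan_id, tunnel_id, inner_frame).

    Raises ValueError for anything the receiving switch should drop rather than
    forward: wrong ethertype/protocol/port, bad checksum, inconsistent lengths,
    unknown shim version, or an inner payload too short to be an Ethernet frame.
    """
    if len(packet) < OVERHEAD + ETH_HDR.size:
        raise ValueError("packet too short")
    _, _, ethertype = ETH_HDR.unpack_from(packet, 0)
    if ethertype != 0x0800:
        raise ValueError("outer frame is not IPv4")
    ip_hdr = packet[ETH_HDR.size:ETH_HDR.size + IPV4_HDR.size]
    vihl, _, total_len, _, _, _, proto, _, _, _ = IPV4_HDR.unpack(ip_hdr)
    if vihl != 0x45:
        raise ValueError("unsupported IP version/IHL")
    if ipv4_checksum(ip_hdr) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != 17:
        raise ValueError("outer packet is not UDP")
    if total_len != len(packet) - ETH_HDR.size:
        raise ValueError("IPv4 total length does not match packet")
    udp_off = ETH_HDR.size + IPV4_HDR.size
    _, dport, udp_len, _ = UDP_HDR.unpack_from(packet, udp_off)
    if dport != TUNNEL_UDP_PORT:
        raise ValueError("not the tunnel port")
    if udp_len != total_len - IPV4_HDR.size:
        raise ValueError("UDP length does not match IPv4 length")
    version, _, vlan_id, tunnel_id = L2X_SHIM.unpack_from(packet, udp_off + UDP_HDR.size)
    if version != L2X_VERSION:
        raise ValueError("unknown L2X shim version")
    return vlan_id, tunnel_id, packet[OVERHEAD:]


def is_valid_tunnel_packet(packet):
    """True when decapsulate() accepts the packet, False when it would be dropped."""
    try:
        decapsulate(packet)
        return True
    except ValueError:
        return False


# Constructed sample: a frame from an enterprise VM on VLAN 100, tunnel id 7.
SAMPLE_INNER = ETH_HDR.pack(b"\x02\x00\x00\x00\x00\x02", b"\x02\x00\x00\x00\x00\x01", 0x0800) \
    + b"constructed payload"
SAMPLE_PACKET = encapsulate(SAMPLE_INNER, b"\x02\x11\x11\x11\x11\x11", b"\x02\x22\x22\x22\x22\x22",
                            bytes([192, 168, 1, 10]), bytes([54, 0, 0, 10]), vlan_id=100, tunnel_id=7)

if __name__ == "__main__":
    print(decapsulate(SAMPLE_PACKET))
```

The point of the length and checksum checks is that the tunnel endpoint is a trust boundary: an outer packet that reaches the switch port must be rejected when its headers disagree with each other, instead of letting a malformed frame reach the VM.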
Core Services: Firewalling/Zoning
(diagram: IT admins manage Intercloud Fabric; Test VMs and a Web VM in the private and provider clouds)
• Enterprise VSG: protects VMs in the private cloud
• Intercloud Fabric VSG: protects VMs in the provider cloud
• Single security policy for private and provider clouds
Core Services: Routing Across Hybrid Cloud
(diagram: DC/private cloud with Intercloud Fabric Director and Intercloud Extender; provider cloud with Intercloud Switch, Intercloud Fabric CSR, provider gateway and VMs on VLAN App and VLAN Web)
• Enterprise VPN access to public cloud VMs: remote/branch office ISR and mobile workers reach cloud VMs over VPN
• Direct access to public cloud VMs through NAT at the provider gateway (provider addresses 10.x.x.x, public addresses 54.x.x.x)
• Inter-VLAN communication through ICF routing: the Intercloud Fabric CSR is the default gateway for VLAN A and VLAN B (enterprise addressing 192.168.x.x)
Core Services: Establishing Trust
(diagram: Intercloud Fabric Director in the DC/private cloud, the cloud provider API, and Intercloud Switch plus Web VM in the provider cloud)
1. IT admin configures an icfCloud
2. An SSH key pair is generated
3. The SSH public key is passed as part of creating the VM, along with the SSH username, through the cloud provider API
4. The SSH public key is downloaded (HTTP/HTTPS) as part of VM startup and installed as an authorized key for the SSH user
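Step 4 above, as an added example that is not code from the original deck or from Cisco: a Python installer for the VM side of the flow, which validates the public key it was handed before writing it to authorized_keys. It checks that the line has the OpenSSH shape, that the base64 blob decodes, and that the key type encoded inside the blob matches the declared type, then installs the key with 0700/0600 permissions and without creating duplicates. The allow-list of key types, the home directory, and the sample key material (32 filler bytes, not a real key) are constructed for this example; how the key is fetched from the provider is not modelled.

```python
import base64
import os
import shutil
import stat
import struct
import tempfile

# Key types this installer accepts (constructed allow-list for the example).
ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def parse_openssh_public_key(line):
    """Parse one OpenSSH public-key line into (key_type, blob, comment).

    Besides the textual shape, the key type encoded inside the base64 blob must
    match the declared type; a mislabelled, truncated or corrupted key is
    rejected instead of being written to authorized_keys.
    """
    if "\n" in line.strip() or "\r" in line:
        raise ValueError("key must be a single line")
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in ALLOWED_KEY_TYPES:
        raise ValueError(f"key type {key_type!r} not allowed")
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"key blob is not valid base64: {exc}") from exc
    # The SSH wire format starts with a uint32-length-prefixed string naming the type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + name_len:
        raise ValueError("key blob truncated")
    embedded = blob[4:4 + name_len].decode("ascii", errors="replace")
    if embedded != key_type:
        raise ValueError(f"declared type {key_type!r} but blob encodes {embedded!r}")
    return key_type, blob, comment


def is_valid_key_line(line):
    """True when the line would be accepted by parse_openssh_public_key()."""
    try:
        parse_openssh_public_key(line)
        return True
    except ValueError:
        return False


def install_authorized_key(home_dir, key_line):
    """Append the key to <home>/.ssh/authorized_keys with safe permissions.

    Returns True if the key was added, False if it was already present. Keys
    are compared by (type, decoded blob), so a changed comment is not a new key.
    """
    key_type, blob, comment = parse_openssh_public_key(key_line)
    ssh_dir = os.path.join(home_dir, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # makedirs mode is subject to umask; enforce explicitly
    path = os.path.join(ssh_dir, "authorized_keys")
    if os.path.exists(path):
        with open(path) as fh:
            for existing in fh:
                try:
                    etype, eblob, _ = parse_openssh_public_key(existing)
                except ValueError:
                    continue  # lines with options or blank lines are left alone
                if (etype, eblob) == (key_type, blob):
                    return False
    canonical = f"{key_type} {base64.b64encode(blob).decode('ascii')}"
    if comment:
        canonical += " " + comment
    with open(path, "a") as fh:
        fh.write(canonical + "\n")
    os.chmod(path, 0o600)
    return True


def make_sample_key_line(comment="icf-admin"):
    """Constructed ed25519-shaped public key line (32 filler bytes, not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
    return f"ssh-ed25519 {base64.b64encode(blob).decode('ascii')} {comment}"


def demo():
    """Install the sample key twice into a temporary home and report what to verify."""
    home = tempfile.mkdtemp()
    try:
        first = install_authorized_key(home, make_sample_key_line())
        second = install_authorized_key(home, make_sample_key_line("renamed"))
        ssh_dir = os.path.join(home, ".ssh")
        dir_mode = stat.S_IMODE(os.stat(ssh_dir).st_mode)
        file_mode = stat.S_IMODE(os.stat(os.path.join(ssh_dir, "authorized_keys")).st_mode)
        with open(os.path.join(ssh_dir, "authorized_keys")) as fh:
            entries = len([l for l in fh if l.strip()])
    finally:
        shutil.rmtree(home)
    return first, second, dir_mode, file_mode, entries


if __name__ == "__main__":
    print(demo())
```

demo() returns (True, False, 0o700, 0o600, 1): the first install adds the key, the second is recognised as a duplicate despite the different comment, and the directory and file carry the permissions sshd expects under StrictModes.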
Core Services: Establishing Secure Communications
(diagram: Intercloud Fabric Director in the DC/private cloud distributes tunnel profiles to the Intercloud Extender and, over HTTPS/XML API and SCP, to the Intercloud Switch in the provider cloud)
1. Select encryption algorithm and hash for an icfCloud
   • Encryption algorithm: AES-128-GCM, AES-128-CBC, AES-256-GCM (Suite B), AES-256-CBC
   • Hashing algorithm: SHA-1, SHA-256, SHA-384
2. S2S tunnel profile: control channel PSK
3. S2S and access tunnel profile: control channel PSK, data tunnel encryption key, data tunnel hash key
4. Control channel PSK
Cisco Intercloud Fabric Management Options: Flexibility to integrate cloud and on-premise infrastructure operations
(diagram: on-premise infrastructure vs. off-premise/cloud; the legend distinguishes included from optional components)
IaaS layer:
• Intercloud Fabric for Business: off-premise hybrid cloud infrastructure management
• UCS Director: on-premise converged infrastructure management and automation
• Unit of operations: VM, VPC, service nodes, and infrastructure policy
• End user and IT admin portals for IaaS consumption
Application layer:
• Prime Services Catalog: unified application-centric consumption for end users
• Cisco & 3rd party management systems (CIAC, custom, etc.)
• Unit of operation: application blueprint/deployment profile
• Business policy, governance and regulatory compliance
Cisco Intercloud Fabric Support Matrix
§ Enterprise Virtual Machine Manager:
  § VMware vCenter version 5.0/5.1/5.5 (VMware Enterprise Plus License is *NOT* required)
§ Providers: Amazon Web Services, Azure, British Telecom, Dimension Data, Virtustream*
§ OS Versions:
  § Red Hat Enterprise Linux (RHEL) 6.0, 6.1, 6.2, 6.3 and 6.4 (64-bit and 32-bit versions)
  § CentOS 6.3 (64-bit and 32-bit versions)
  § Microsoft Windows 2008 R2 (Service Pack 1 [SP1]) with AMI and VMware Virtual Machine Disk (VMDK) templates
* Additional providers will be added in a phased manner
Scale Tree: Tested Capacity
(diagram: ICFD → icfCloud → VSG and CSR → cloud VMs)
• One ICFD instance supports up to 16 icfClouds
• 100 VMs per VSG, 100 VMs per CSR
• Total system capacity: not to exceed 1000 VMs per ICFD instance
(diagram: private cloud and an ICF Bubble moving between Cloud A and Cloud B)
• Current Phase: Direct Private → Public
  § From private cloud to supported cloud providers
• Current Phase: Indirect Public → Public
  § From public cloud through private to public cloud
• Future Phase: Additional Private Options → Public & Direct Public → Public
Cisco Intercloud Fabric Call to Action
Learn
• Learn more about Intercloud Fabric at: http://www.cisco.com/go/intercloudfabric
• Questions: reach out to your Cisco Account Team
Engage
• Cisco Intercloud Fabric for Business is available through an Early Customer Success Program
• Cisco Intercloud Fabric for Provider is now available for Provider integration
• Contact your Cisco team to learn how you can be part of the Cisco Intercloud Fabric ecosystem
Cisco Intercloud Fabric Value Proposition: Secure Workload Mobility
(diagram: fixed workloads in the DC/private cloud and variable workloads in the provider cloud, joined by Cisco Intercloud Fabric)
• Consistency: security/networking as an extension of the private cloud
• Control: unified workload management across clouds
• Choice: freedom to place workloads across heterogeneous clouds
• Compliance: policy-based deployment/governance in cloud
Thank you.