Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group

1 | © 2014 Infoblox Inc. All Rights Reserved.

Infoblox Cloud Solutions Jim Zelnosky, Sr. SE Channels 08-19-2015


• Overview of Cloud Market Trends • Infoblox Cloud Network Automation Overview • VMware Private Cloud Automation Use Case • Amazon AWS and Hybrid/Public Cloud

Agenda:


About Infoblox

($MM)

Founded in 1999 – Evanston Headquartered in Santa Clara, CA with global operations in 25 countries

Market leadership •  DDI Market Leader (Gartner)

•  50% DDI Market Share (IDC)

7,300+ customers 74,000+ systems shipped to 10 countries

45 patents, 27 pending

IPO April 2012: NYSE BLOX

Leader in technology for network control

Total Revenue (Fiscal Year Ending July 31)

$35.0 $56.0 $61.7

$102.2

$132.8

$169.2

$225.0

$0

$50

$100

$150

$200

$250

FY2007 FY2008 FY2009 FY2010 FY2011 FY2012 FY2013


Inhibitors to Enterprise Cloud Adoption Cloud Paradigms Multi-Cloud Adoption Security/Compliance

•  Too many service tickets between server & network teams

•  Lack of troubleshooting tools •  Slow IT execution times

•  Multiple management portals •  No consistent policies •  Any platform change disrupts

implementation/processes

•  No correlated infrastructure view for entire cloud

•  Lack of auditing capabilities •  Requires cross-cloud expertise

Manual processes don’t work for cloud paradigms

Limited support for multi-vendor hybrid clouds

New security/compliance challenges with shift to cloud


Cloud Network Pain Points No visibility to IP address/DNS records for VM/network resources No central reporting on lease history, DNS/IP associations

Lack of reliable DDI for Private Cloud Stability and simplified upgrades of underlying network inhibits Cloud rollout

Requires too much administrator overhead Manual IP address/DNS provisioning is slow, error-prone

Network provisioning is too slow for application delivery No Amazon-like capabilities i.e., on-demand, self-service, DevOps


Infoblox Cloud Solution Enabling the Promise of Hybrid Cloud

DDI Automation Multi-Cloud Visibility

Policy-based automation of DNS, DHCP, IPAM services for virtual servers Open RESTful interfaces for customization

Single management interface for leading cloud solutions Private Cloud: VMware, OpenStack, Microsoft, etc Public/Hybrid Cloud: Amazon

Discovery of VMs, networks for multi-cloud platforms Auditing, reporting across clouds for DHCP leases, DNS records, IP addresses


The Power of Cloud Network Automation

Manual

Traditional Approach

Provision Virtual

Instance

1

Request IP or Use

Allotment

2

Forward IP Data for Tracking

3

Update Database or Spreadsheet

4

Request DNS

Record

5

Allocate and Manually

Enter DNS

6

Clean Up When

De-provisioned

1 6 2 3 4 5

Automated

Provision Virtual

Instance

Automated

Automated

Infoblox Cloud Network Automation ü  Implement change anytime Eg: DNS names, IP addresses

ü  No tickets between network, server teams for DNS, IP

ü  Automatic reclamation of resources upon spin down


Infoblox Cloud Network Automation •  Mapping to Your Private Cloud Journey

Stage Appropriate Offerings Value Delivered

Scale-out

Cloud Platform Appliances CP-V800

CP-V1400 CP-V2200

•  Resilience with local survivability •  Increased DDI scalability and performance for VM

spin ups/downs

Production

Cloud Network Automation License •  View/administer cloud tenants, networks, VMs, IP addresses through a single UI

•  Monitor IP and network usage •  New audit/usage reports

Pilot Infoblox Automation Adapters

•  Automate DDI for VMs •  No additional cost •  Extend existing Grid

Val

ue


Cloud Architecture – Where Infoblox Plays NIOS/vNIOS with DDI Automation

The Cloud Computing Conceptual Reference Model (credit: NIST)

Compute Storage Network

Hypervisors

Cloud Orchestration Layer

Cloud Management Platform

Cloud Consumer

OpenSource: OpenStack

Commercial: VMware vCAC, MS SC/VMM

Network Services: Routing, switching, firewalls, load-balancers

Infoblox Adaptors VMware/Microsoft/OpenStack

Infoblox DNS/DHCP/IPAM Core Network Services

Automa'ng the management, provisioning and de-‐provisioning of IP addresses and DNS services is a cloud best prac'ce.

Alan Chabra, Lead Architect, BMC Cloud Center of Excellence “ ”For our cloud customers automating IP address and DNS service

provisioning is a must have. They tell us repeatedly that they can’t rely on manual/high-risk solutions to run their next gen cloud

infrastructure. Vikul Gupta, Director of Cloud Svcs Orchestration, HP

“ ”


Major BioTech firm Private Cloud Case Study

Background and Challenges: •  VM provisioning typically took 3-6 weeks due to network manual network configuration tasks •  Frequent errors during provision •  Multiple hand offs/approvals for IP addresses and DNS entries

Solution and Results: Infoblox DDI + Cloud Adapters •  Reduced time to bring up cloud services •  Reduced total provisioning time from weeks to hours •  Eliminated discrepancies and errors

Agile delivery of cloud services, no manual overhead


Example - VMware Private Cloud using vRA/vRO with IPAM Plug-in

vCenter Server

vRealize Orchestrator (vCO)

Infoblox vRO Plug-in

3- Infoblox DDI allocates the next available IP address and sends it to the VM along with the DNS host record

2- The Infoblox IPAM Plug-in “Reserve an IP” workflow gets invoked

11

Infoblox Trinzic DDI Appliance

1- A vRAcloud admin/user requests a VM to be created

5- The newly created VM is now running on an ESXi host using the newly allocated IP address and DNS record

4- vCenter creates and spins-up the VM


Infoblox – Help Deliver the Promise of Hybrid Cloud

Accelerates Cloud Projects in Single Platform

•  Adapters provide powerful IPAM and DNS automation •  Common interface for multiple teams reduces handoffs

Multi-cloud Management Improves Agility

•  Enterprise-grade DDI for multiple platforms •  Build common policies across different vendors

Security and Audit Capabilities Reduces Risk

•  Detailed tracking for auditing and compliance •  Consolidated view of cloud and traditional resources


Challenges in Amazon AWS Public Cloud Private DNS Management in AWS •  No consistent DNS management for hybrid cloud

(Eg: reverse zone configurations, DNS naming conventions)

•  No automation for DNS records for AWS instances

IP Address Management •  Limited capability to plan, track, manage IP addresses in AWS VPCs •  IP addresses assigned randomly, don’t comply with corporate policy Visibility into IP Addresses and DNS Records for AWS instances •  Network team has little visibility on IP address utilization in AWS •  No single tool to manage DNS, DHCP & IP addresses (DDI) for Hybrid Cloud

Eg: DDI for AWS, Internal Virtualization, Core Network

No Consistent DDI Management for AWS

Lack of Visibility into AWS Infrastructure


Solution: DNS & IPAM for Amazon AWS

DNS in Public Cloud

Centrally manage DNS servers that are on-premise and in AWS

Automation

Automatically assign & reclaim IP addresses and DNS records for

AWS instances

Visibility

Discover IP and DNS information for AWS instances

Extend Infoblox Grid to AWS EC2 virtual compute

Automate DNS records & IP addresses for AWS instances

Discovery, audit and compliance for AWS instances


Automation Agile Deployment with DNS and IPAM Automation

AWS API Client (Ansible, Puppet, Chef scripts etc.)

AWS instances

AWS API calls

AWS API calls

a.b.c.d abc.xyz.com

Grid Member

•  Automate creation/deletion of VPCs, networks, EC2 instances

•  IP address assignments and reclamations

•  Provisioning/de-provisioning of DNS records

•  Configurable DNS names

Grid Master

Data Center


AWS Objects Defined •  AWS Cloud (Orange Box) –

This is the AWS Cloud representing the entirety of the AWS services.

•  AWS Region (Blue Box) – Set of cloud resources isolated from other regions in AWS. There are multiple geographically dispersed regions.

•  AWS Availability Zones (Purple Boxes) – Within a region availability zones isolate resources from one another to protect against failure. Instances can be distributed across availability zones.

•  VPC (Green Box) – Virtual Private Clouds allows you to create networks for your workloads (subnets).

•  EC2 Instances (Elastic Compute 2) – Virtual machines hosting your workloads deployed from an AMI.

AWS Region

VPC 1

EC2 instances

Availability Zones

*Note: Regions and availability zones are distinct resource segmentation within AWS, used to provide segmentation of workloads for HA and DR purposes.

AWS Object Concepts Explained


AWS Object Concepts Explained AWS Connectivity Concepts •  Customer Gateway –

A CGW is the anchor on the customer's side of the VPN connection. It can be a physical or software appliance.

•  Virtual Private Gateway – A VGW is the anchor on the AWS side of the VPN connection.

•  VPN Tunnel – Connection is used to describe the network connectivity that is established between a single CGW and a single VGW.

•  VPC Peering – PC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they are within the same network.

EC2 instances

AWS Region

VPC 1 VPC 2

VPC Peering

EC2 instances

Availability Zones

Availability Zones

On-premise DC

VPN Connection (Tunnel)

AWS Region


DNS and visibility

AWS Region

VPC 1

VPC 2

Shared service/ Management VPC

On-premise DC

GM

Feat

ures

1

2 3

Deployment Scenario Hybrid Cloud

OR

Amazon API calls can be directed to the Grid Master Amazon API calls can be directed Cloud Platform Appliances


Automation for AWS Instances (API Gateway)

AWS API Client (Eg: Ansible, Puppet, Chef scripts etc.)

API Endpoint

1. API: Create EC2 Instance in VPC-Dev for network 10.10.0.0/16

2. GM reserves next available IP in network 10.10.0.0/16 for VPC-Dev and inserts into API request

3. API: Create EC2 Instance in VPC-Dev

4. EC2 Instance spun up with 10.10.10.101 in VPC-Dev

5. API Response: Success

6. GM updates Host records for EC2 Instance

7. API Response: Success

Notes: Amazon API calls can be directed to either the Grid Master or Cloud Platform Appliances GM performs vDiscovery of AWS instances to ensure no duplicate addresses are assigned AWS instance tags assigned as metadata in Infoblox database Policy based IP address assignment via metadata passed in AWS APIs

VPC ID Network IP

VPC-‐Dev 10.10.0.0/16 10.10.10.101

VPC ID Network IP DNS record

VPC-‐Dev 10.10.0.0/16 10.10.10.101 dev1.internal.com


Visibility Discovery and visibility of AWS Networks

AWS VPCs AWS Instances AWS Networks

Single pane of glass to view AWS EC2 instances, VPCs and networks

Periodic discovery of modifications to AWS environment

Detailed view of AWS VPCs and networks

•  EC2 instances in a VPC and their attributes

•  AWS tags imported as configurable metadata


•  Infoblox AMI available for DNS •  Hardened virtual appliance for

secure DNS in AWS •  Deploy Infoblox DNS servers

in AWS VPCs •  Use for External DNS or

Internal DNS •  Fault tolerance with support

for Disaster Recovery

Grid Member (Primary DNS)

Grid Master (GM)

AWS Public Cloud

Data Center

Grid Member (Secondary DNS)

Grid Member (Secondary DNS)

Enterprise Premise

Grid Master Candidate

DNS in Public Cloud Enterprise-grade DNS in Amazon AWS


Infoblox Cloud Network Automation Benefits

Features Elastic Scaling •  Auto provisioning and elastic scaling of vNIOS Appliances •  Ability to auto scale DDI as required by the Cloud

Management Platform

vDiscovery Enhancements •  Discover VMs, IP addresses, vswitches, virtual ports,

physical host, tenants etc on OpenStack and Amazon environment in addition to VMware vSphere

Benefits •  Simplify Cloud Deployment with on-demand provisioning of

Cloud Members •  Elastic scale of IPAM, DNS, and DHCP for Cloud

environments •  Single pane of glass for DDI across hybrid cloud

(Vmware, OpenStack and AWS)

Autoscaling

vDiscovery Discover Virtual Machines (VMs)

VMware/OpenStack/AWS

VM VM VM VM API

Infoblox Trinzic Physical/Virtual Appliance


Q&A

Technology

Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group