DESCRIPTION
The Cloud is one of the fastest growing solutions today, and the significance of the secure multi-tenant data center for business applications is increasing. Cisco IT is building an Application Centric Infrastructure (ACI) for Cloud Computing. An ACI environment requires a holistic approach to managing and orchestrating network, server, storage and application resources within a data center and across multiple data centers. This enables Cisco IT to deliver a secure programmable infrastructure that anticipates application requirements and, through policies, delivers Software as a Service offerings to Cisco Business Units. Cisco IT has been a fundamental driver in building and adapting the suite of management tools needed today to orchestrate data center infrastructure and platforms to deliver business services. Attendees will learn how Cisco IT is designing next-generation application-aware solutions and the new policy models required for this journey. Cisco IT is migrating all traditional applications to a radically simplified compute platform and programmable network. Application Centric Infrastructure will significantly reduce network complexity and improve security, while shortening application deployment cycles. Cisco IT has aggressively deployed an internal private cloud with the goal of offering all IT services as self-service. Attendees will understand the TCO Cisco IT has achieved building Application Centric Infrastructure along with our existing UCS compute platform. Additionally we will share the experience and lessons learned from our journey transforming applications and platforms to an infrastructure-aware architecture.
Session highlights include:
• Cisco IT’s adoption of Application Centric Infrastructure (ACI)
• Application Centric Infrastructure Design
• Nexus 9000
• Unified Compute System
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Improved Application Security
• Reducing data center and network operating costs
• Driving higher utilization of existing servers
• Organizational Alignment
• Application transformation
Inside Cisco IT: Secure and Simplified Cloud Services with ACI
COCACI-2000
© 2014 Cisco and/or its affiliates. All rights reserved.COCACI-2000 Cisco Public
Agenda
• ACI Technology Overview
• Cisco IT’s Data Centers
• Cisco IT’s ACI DC Architecture
• Cisco IT’s Cloud and ACI
• Light Weight Applications
• Cisco IT’s Cloud Vision
ACI Technology
Application Centric Infrastructure
ACI Vision: rapid deployment of applications onto networks with scale, security and full visibility
ACI building blocks:
• Open RESTful APIs
• Centralized policy model
• Open source
Controller, policy model, Nexus 9500 and 9300
Central Controller: Northbound and Southbound
• Open RESTful APIs
• Centralized policy model
• Open source
Northbound and southbound integration of APIC with compute controllers (VMware vCenter) and cloud orchestration systems (CIAC, automation)
APIC benefits: easier configuration, visibility, troubleshooting
Central Controller: Northbound and Southbound (continued)
APIC with OpFlex: software policy extensions inside and outside of the DC
What’s an Application Profile?
• A Tenant containing three end point groups, EPG Web, EPG App and EPG DB (each a set of end points), plus an External Network
• Contracts between the groups and the external network, each carrying a Filter and QoS; two of them also attach a Service (FW/SLB, SLB)
• Service Graph: the FW/SLB services inserted through the contracts
• Application Profile: the EPGs, contracts and service graphs taken together
Network Enhancements: less planned and unplanned application downtime
• 40 Gig (100 Gig future)
• Network virtualization (VXLAN)
• L2 enhancements: L3 only, no flooding
• ZTD
• True traffic load balancing (flowlets)
Nexus 9000 product line: Standalone versus Fabric (ACI) mode
Common hardware: 40 Gig (100 Gig future); Nexus 93xx, 9504, 9508, 9516
Standalone mode (‘devices’ controlled separately):
• Hardware: no change
• Software: change (code adjustments, topology, forwarding enhancements)
Fabric mode (central controller), ACI (Application Centric Infrastructure):
• Hardware: no change
• Software: major change (data model to policy model, topology, forwarding enhancements)
Migration from Standalone to Fabric Mode is possible.
Cisco IT’s Data Centers
Global Data Centers
Tiers: A = Tier-III (redundant), B = Tier-II (less redundant)
Sites:
• 2x Texas
• 1x Amsterdam
• 1x Singapore
Roles:
• Globally centralized: business apps
• Continental hub: order processing, comms
• Continental hub: communications
• Cloud services available; private cloud, self-service capabilities: IaaS / PaaS
• Latency-sensitive software development
Cisco IT’s ACI Data Center Architecture
ACI Topology View
• Flexible topology
• Virtual boundaries
• Physical and virtual services
• Highly converged infrastructure
• Easier to manage
• VXLAN spine to leaf, VXLAN leaf to hypervisor
New Virtual Compute Design (VMware only)
Traditional virtual compute design versus virtual compute design on ACI (VMM domain, vMotion)
Mapping of existing network aspects and applications to the ACI model
Current DC Network → ACI:
• Context (VRFs) → Context (VRFs)
• Subnet → Bridge Domain, Subnet(s)
• IP to IP communication → EPG(s), Fabric External EPG(s)
• ACLs (permitted / denied flows) → Contracts: Inner ANP Contract; Inner Tenant, Inter ANP Contract; Inter Tenant Contract; Fabric External Contract
• SLB and FW config → Service Graphs
Flexible building blocks: Tenant(s), ANP(s), EPG(s) (grouping, separation)
Security / contract management framework: Filters / Labels / Bundles / Interfaces
Cisco IT ACI Architecture: Logical View (networking elements): EPG to BD to Subnets to VRFs to External
• Tenant 1: EPG-11, EPG-12, EPG-13; Tenant 2: EPG-21, EPG-22, EPG-23; Tenant 3: EPG-31, EPG-32, EPG-33
• Tenant Common, internal side: BD-int-1 (4.4.4.0/24), BD-int-2 (5.5.5.0/24), VRF-Int; external EPGs EPG-Corp and EPG-Other-DC towards DC Core (Internal)
• Tenant Common, external side: BD-Ext-1, BD-Ext-2 (1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24), VRF-dmz; external EPGs EPG-DMZ and EPG-Internet towards DC Core (External) and the Internet
• Border connectivity via 2x Nexus 9396
Cisco IT ACI Architecture: Security to Infrastructure Services (EPGs and Contracts)
• Tenant 1: EPG-11, EPG-12, EPG-13; Tenant 2: EPG-21, EPG-22, EPG-23; Tenant 3: EPG-31, EPG-32, EPG-33
• Tenant Common, Infra Services: EPG-NTP, EPG-DNS, EPG-Monitoring, EPG-…
• Outside: EPG-Corp, EPG-Internet, DC Core (Internal), DC Core (External), Internet
• Tenant EPGs reach the infrastructure service EPGs only through contracts
Cisco IT ACI Architecture: Security to Application Middleware Services (EPGs and Contracts)
• Tenant 1: EPG-11, EPG-12, EPG-13; Tenant 2: EPG-21, EPG-22, EPG-23; Tenant 3: EPG-31, EPG-32, EPG-33
• Tenant Common, APP MW Services: EPG-OAM, EPG-LDAP, EPG-OCM, EPG-…
• Outside: EPG-Corp, EPG-Internet, DC Core (Internal), DC Core (External), Internet
• Tenant EPGs reach the middleware service EPGs only through contracts
Cisco IT ACI Architecture: Security to outside the ACI Fabric (EPGs and Contracts)
• Tenant 1: EPG-11, EPG-12, EPG-13; Tenant 2: EPG-21, EPG-22, EPG-23; Tenant 3: EPG-31, EPG-32, EPG-33
• Tenant Common: EPG-Corp towards DC Core (Internal), EPG-Internet towards DC Core (External) and the Internet
• Tenant EPGs reach the external EPGs only through contracts
Cisco IT ACI Architecture: Client level Security and Services (EPGs, Contracts and Services: SLB, FW)
• Tenant 1: EPG-11, EPG-12, EPG-13; Tenant 2: EPG-21, EPG-22, EPG-23; Tenant 3: EPG-31, EPG-32, EPG-33
• Each tenant gets its own FW and SLB service pair, inserted between its EPGs through contracts
• Tenant Common: EPG-Corp, EPG-Internet, DC Core (Internal), DC Core (External), Internet
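As an added example (not from the Cisco IT deck, and not Cisco’s APIC API), a small Python model of the whitelist behaviour the EPG/contract slides describe: a flow between two EPGs passes only when the source EPG consumes a contract that the destination EPG provides and one of the contract’s filters matches; everything else is dropped. The EPG names, contract names, filters and tenants are constructed here to mirror the slides.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Filter:
    """One contract filter entry: protocol plus optional destination port."""
    protocol: str
    dport: "int | None" = None        # None matches any destination port
    def matches(self, protocol, dport):
        return self.protocol == protocol and self.dport in (None, dport)

@dataclass
class Contract:
    name: str
    filters: tuple
    providers: set = field(default_factory=set)   # EPGs offering the service
    consumers: set = field(default_factory=set)   # EPGs allowed to reach it

class Fabric:
    """Tiny stand-in for the APIC policy model (an assumption, not Cisco's API)."""
    def __init__(self):
        self.contracts = {}
    def add_contract(self, name, *filters):
        self.contracts[name] = Contract(name, tuple(filters))
    def provide(self, epg, contract):
        self.contracts[contract].providers.add(epg)
    def consume(self, epg, contract):
        self.contracts[contract].consumers.add(epg)
    def permitted(self, src, dst, protocol, dport):
        """Whitelist check: consumer -> provider only; everything else is dropped."""
        if src == dst:                  # traffic inside one EPG is not filtered
            return True
        return any(src in c.consumers and dst in c.providers
                   and any(f.matches(protocol, dport) for f in c.filters)
                   for c in self.contracts.values())
    def effective_acl(self):
        """Permit entries the contracts expand to (the slide's ACL-to-contract mapping)."""
        return sorted((s, p, f.protocol, f.dport) for c in self.contracts.values()
                      for s in c.consumers for p in c.providers for f in c.filters)

def build_demo_fabric():
    """Constructed sample: Tenant 1 (EPG-11..13), Tenant 2 (EPG-21..23) and a
    shared NTP service (EPG-NTP) in Tenant Common, as on the slides."""
    fab = Fabric()
    fab.add_contract("web-to-app", Filter("tcp", 8080))   # EPG-11 -> EPG-12 only
    fab.provide("EPG-12", "web-to-app")
    fab.consume("EPG-11", "web-to-app")
    fab.add_contract("infra-ntp", Filter("udp", 123))     # shared infra service
    fab.provide("EPG-NTP", "infra-ntp")
    for epg in ("EPG-11", "EPG-12", "EPG-13", "EPG-21"):
        fab.consume(epg, "infra-ntp")
    return fab
```

Note that the model is directional: EPG-12 cannot open a connection back to EPG-11 on 8080, and a tenant EPG that was never made a consumer (EPG-22) gets no path to EPG-NTP even though it sits in the same fabric.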
Cisco IT: ACI and Automation (Cloud)
Delivering Infrastructure for Applications: what can we automate?
1. Physical build in the DC: racking, stacking, patching
2. Basic configuration of DC infrastructure (foundational aspects): UCS, switches, storage, SLB, FW; ACI for network items
3. Client/app specifics (functional aspects, IaaS / PaaS): x VMs, CPU/Mem per VM/BM, storage per VM/BM, SLB setup, FW setup, OS, Apache/Oracle … basic code; ACI for network and network security items; ACI & automation
4. Application code specifics: build, handover to APP teams
High-integrity automation systems; reduction of extensive (change management) processes
The Future: Private Cloud model. We all want an end-to-end programmable infrastructure.
• Portal: application code; clients, security admin, compute/network/storage admins
• Orchestration (Cloud): CIAC
• Controllers / resource managers: vCenter, ASA, Prime, Eman, InfraPortal, eACLm
• Resources: compute, block storage, object storage (IP file / IP block / IP), network, integrated security, PaaS
• Policy: application/data policy, network security policy
ACI Program – Quarterly Objectives: FY15 (FY14Q3 to FY15Q4)
1. SJC-K Engineering DC on N9K (standalone)
2. ACI design and ACI automation (finalization)
3. Migrate SJC-K to Fabric; Cisco IT Private Cloud on ACI: RTP1 DC
4. Cisco IT Private Cloud on ACI: Allen DC; RTP1: traditional application migration (non-prod)
5. Allen & RCDN9: traditional application migration to ACI (production apps wave 1)
6. Allen & RCDN9: production apps wave 2
FY15: +/- 4000 VMs on ACI. All workloads on ACI: a migration of 2-3 years.
Cisco IT: CITEIS and ACI
What do the clients want from the infrastructure providers?
Service layers: SaaS, PaaS, IaaS
• Client #1 (requires PaaS services only): “Give me all the standard goodies, and leave me just to manage my application”
• Client #2 (requires IaaS & PaaS services): “My needs are mixed. I’ll take all the goodies I can get, and build the ones that I can’t” (same as use case #1 and use case #3)
• Client #3 (requires IaaS services only): “Give me the VMs and Storage and I’ll manage everything above the OS to build my application”
Clients order higher-order services, e.g. app. development stack, databases, etc. These internally use infrastructure APIs to provision compute/storage/network; the client is the “builder” of SaaS services.
From Traditional Network to Application Centric Cloud
• Traditional: traditional network, dedicated platforms, waterfall / agile development, stationary applications
• Example workloads: mobile workload, XaaS, order management, pricing
• Application Centric Infrastructure (ACI): ACI fabric, LAE, lightweight app containers, continuous delivery, API-enabled standard IaaS, PaaS, IaaS, SDaaS
• Application Centric Cloud: policy control, unified infrastructure, scalability, APIs, Intercloud, adaptive scaling, feature rich, DevOps, open source, quality releases, distributed services, cloud scale
Cisco IT: Light Weight Applications
Why Lightweight Application Environment (LAE)?
From (hundreds of applications): disparate, disjointed processes & systems; limited / restricted set of choices; closed source; long lead times (provisioning)
To (10s of thousands of applications): complete framework (for ALM); flexibility of choices; open source; rapid / self-serve
Continuous Delivery: Development + Quality, End-to-End Workflow (Cloud, ERP, and Mobile Application Development)
• Plan (Product Mgr., Scrum Master, Developers): prioritized sprint, client involvement, viable product
• Develop: commit & push; code review, merge
• Source Control Management
• Continuous Build: build, test, report; on-demand, scheduled
• Automated Testing: static / dynamic, progression / regression, unit / integration, functional / performance / security
• Deploy & Release: development, staging, production; deployable artifact; group components, application snapshot, group applications, release control gates
• Adapt & Scale (TBD)
Cisco IT: Cloud Vision
Self-Optimizing Cloud: policy based on observed norms
CISCO IT DEMO: Emerging Cloud Capabilities – ACI, OpenStack
World of Solutions, Booth #735 Today 2:30pm – 2:50pm
Join us! We will demonstrate a few of the emerging cloud capabilities enabled for Cisco IT Elastic Infrastructure Services (CITEIS) using technologies like ACI, OpenStack and OpenShift.
We will describe how application policy controls, and programmable infrastructure can enable elasticity, agility and continuous delivery of business capabilities.
Complete Your Online Session Evaluation
• Give us your feedback and you could win fabulous prizes. Winners announced daily.
• Complete your session evaluation through the Cisco Live mobile app or visit one of the interactive kiosks located throughout the convention center.
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
Continue Your Education
• Demos in the Cisco Campus
• Walk-in Self-Paced Labs
• Table Topics
• Meet the Engineer 1:1 meetings
Thank you.