Automated Network Services Provisioning for Multi-Tenant Data Centers

Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved. Automating Network Services Provisioning in Multi-Service Data Centers. Michael Doherty, Cloud Manageability Architect, EMEAR DataCenter Team

Transcript of Automated Network Services Provisioning for Multi-Tenant Data Centers

Page 1: Automated Network Services Provisioning for Multi-Tenant Data Centers


Automating Network Services Provisioning in Multi-Service Data Centers

Michael Doherty, Cloud Manageability Architect

EMEAR DataCenter Team

Page 2: Automated Network Services Provisioning for Multi-Tenant Data Centers


Fully isolated tenant environment (integrated security)

Abstraction of complexities (enables speed)

Automated processes and controls (ensures scale)

Streamlined, holistic coordination of resources and services (maximizes capacity)

Customizable service definitions and implementation (shortens time to market)

Proven, tested solutions – infrastructure and automation/orchestration (reduces risk)

Customer 2, Customer 1

Virtualized Multi-Service Data Center

Page 3: Automated Network Services Provisioning for Multi-Tenant Data Centers


Bronze

Load Balancing 1 VLAN

Virtual Firewall and Private VLANs

Shared VMFS and No Data Protection

Silver

Multiple VLANs

System Configuration

Virtual Firewall and Private VLANs

Dedicated VMFS and DP Through Snapshots

SLB and SSL Offload

Platinum

Multiple VLANs

System Configuration

Virtual Firewall and Private VLANs

Dedicated VMFS, 100% DP, and Cloning

VPN Offload Firewall

SLB and SSL Offload

Page 4: Automated Network Services Provisioning for Multi-Tenant Data Centers


Tenant Creation

Basic Network Container

Enhanced Network Container

Large Network Container

Multi-Tiered Network Containers Behind Firewalls

Security and Load Balancing Services

[Diagram labels: TNC; (Web), (App), (DB); Mgmt. VLAN; Enterprise VPN; Internet; FW, FW, FW/LB]

Designed to Your Requirements Using Flexible Models

Page 5: Automated Network Services Provisioning for Multi-Tenant Data Centers


Sample Customer Use Case

• Computing and storage resources attached to a routable VLAN

• Capability to partition and zone virtual machines and access within their containers

• Accessible from a VPN connection (hybrid cloud)

This use case supports creation of a protected private zone. The customer requires that the only way to reach this zone is through a private VPN (MPLS, SSL, and IPsec). To build this solution, Cisco® Network Services Manager will build both the private zone and the network container within it.

Device Roles: Router and PE; Distribution; Layer 2 Aggregation; Layer 2 Aggregation; Access; Services

Virtual machine is deployed outside Cisco Network Services Manager

NC Topology: VPN with Network Container

Page 6: Automated Network Services Provisioning for Multi-Tenant Data Centers


Cisco® Network Services Manager Engine

Abstracted Business Model

Abstracted Services and Topology Model

Abstracted Operational Model

[Diagram labels: Cisco Network Services Manager Controller (repeated); Pod/Block (repeated)]

NB API

JMS Transport

Network Services Manager lets administrators define the logical constructs of their cloud (access/security, tiers of service, resources, and constraints).

[Diagram labels: Tenant Container; Tenant Network Container; Enterprise Network; Network Container (Application); Network Container (Web); Internet; FW, FW; MPLS Network]

Page 7: Automated Network Services Provisioning for Multi-Tenant Data Centers


This use case shows a combination of a set of the 4 possible zones in Network Services Manager.

Note that the models allow each combination in every zone. All possible combinations are shown, but in this case they are distributed across the 4 zones; they could all be built in any zone.

Page 8: Automated Network Services Provisioning for Multi-Tenant Data Centers


[Diagram labels: Virtual Appliance; VSM; VEM-1, vPath; VEM-2, vPath; Hypervisor, Hypervisor; vWAAS; VSG; ASA1000v; Cloud Services Router; vACE]

Virtual Network Management Center (VNMC)

• Single integrated access to manage Cisco virtual services

• VM lifecycle and service feature configuration

• Common UX and operational flows

• Tenant and provider views

• Integral part of the N1K architecture

• Common model to enable federated development

• XML APIs to enable third-party management and orchestration tool integration

VNMC

Page 9: Automated Network Services Provisioning for Multi-Tenant Data Centers


Common abstraction layer

Standardized API

Flexible, easily consumable interface

Cisco and 3rd party physical and virtual platforms

Fastest deployment and lowest operating costs for cloud

[Diagram labels: Orchestration Module; Automation Module; Service Catalog; Service Portal; Cisco® Network Services Manager; SP VMDC Pod; Enterprise VMDC Pod; Open REST API; Abstraction Layer; VNMC]

Page 10: Automated Network Services Provisioning for Multi-Tenant Data Centers

Thank you.