Cisco ACI for the Microsoft Cloud Platform

Cisco ACI for the Microsoft Cloud Platform Shashi Kiran, Senior Director, DC & Cloud Networking Harry Petty, Director, DC & Cloud Networking Vimala Veerappan, Engineer, Technical Marketing

Transcript of Cisco ACI for the Microsoft Cloud Platform

Page 1: Cisco ACI for the Microsoft Cloud Platform

Cisco ACI for the Microsoft Cloud Platform

Shashi Kiran, Senior Director, DC & Cloud Networking

Harry Petty, Director, DC & Cloud Networking

Vimala Veerappan, Engineer, Technical Marketing

Page 2: Cisco ACI for the Microsoft Cloud Platform

We Are at the Beginning of a Major Shift

Figure: timeline with year labels 2000, 2008, 2015 and "The Next 5+ years", and a "We are here" marker.

Stage labels: Traditional Data Center; Consolidation; Virtualization; IT as a Service; Hybrid Cloud; Distributed Cloud Data Center; The IoE Era; IaaS | PaaS | SaaS | XaaS

Other labels: Adoption Curve; Automation; Efficiency; Simplicity; Agility; Standardization; Connected Experiences

Page 3: Cisco ACI for the Microsoft Cloud Platform

Cisco and Microsoft Partnership Thrives

Executive Sponsorship

Multi-year investments and commitment in Microsoft and Cisco technology integration focused on compute, network, management

Research and Development

• Unified Computing System (UCS)

• Application Centric Infrastructure (ACI)

• CSR 1000V

• Nexus 1000V & Windows Server 2012

• InterCloud Fabric

• CVDs for Microsoft Fast Track Solutions

Page 4: Cisco ACI for the Microsoft Cloud Platform

Optimize Your Cloud Business Model

Figure: IT Operated Private Cloud, On-Demand Private Cloud and Hosted Private Cloud, compared by Ownership, Management and Location. Values shown: Customer; Partner; Cisco / Partner; On-Prem; On-Prem or Intercloud. Axis labels: Build Your Own; As a service; Build; Buy.

Page 5: Cisco ACI for the Microsoft Cloud Platform

Expanding Cloud Provider Ecosystem

Cisco Intercloud Fabric: Seamless Workload Mobility Across Any Cloud

No Vendor Lock-In: Open Architecture

Any Hypervisor Across Any Provider

• Heterogeneous Infrastructure

End-to-End Security and Governance

Unified Workload Management

Cisco’s Hybrid Cloud Approach

On-Premise

DATA CENTER

Enterprise Private Clouds

Intercloud Partners

Public Clouds

Cloud Services And Applications

CISCO INTERCLOUD FABRIC


Open

Choice

Traditional Data Center

Enterprise Private Cloud

• Cisco ACI

• Integrated Infrastructure

• Cisco ONE Enterprise Cloud Suite


Page 6: Cisco ACI for the Microsoft Cloud Platform

Microsoft Cloud Platform creating the compute, network, and storage for cloud consumption

Windows Server 2012 R2 with Hyper-V

Microsoft System Center

Windows Azure Pack

• Windows Azure Pack 2.0 for Windows Server

• SPOG definition, creation, management of Microsoft Cloud service

• Defines tenant portals

• Deploy apps and virtual networks

• System Center 2012 R2 Virtual Machine Manager (VMM)

• Central management of the virtual networks

• Hyper-V Network Virtualization

• The infrastructure to virtualize network traffic

• Gateways connect virtual and physical networks

VMM

Page 7: Cisco ACI for the Microsoft Cloud Platform

“We need self-service with new services for apps that scale. And my tenants want it fast.”

Cloud Administrator

“Our customer experience has to be great... I want to run my apps now… We simply can’t wait for infrastructure.”

Line of Business Leader

“Preparing for every application security situation is nearly impossible. And we have to move fast.”

Chief Info. Security Officer

Infrastructure Manager

“We manage them box-by-box. It takes time to set up and check for manual errors.”

A Day in the Life - Typical Challenges

Page 8: Cisco ACI for the Microsoft Cloud Platform

Tear Down Modify Manage

“A Day in the Life” of a Microsoft Cloud Admin

Creating and managing tenants

Enabling Shared Services

Automating security policies

Across thousands of virtual nodes

Deploy Create

Page 9: Cisco ACI for the Microsoft Cloud Platform

Governance

Tenants

Features

IT Organization Performance

Security

Availability

Scale

Match the Pace of Application Changes

Application Changes Create Infrastructure Demands

Page 10: Cisco ACI for the Microsoft Cloud Platform

“A Day in the Life” of the Infrastructure Team

Figure: Web, App and DB tiers on physical and virtual servers, with the IT organization split into Compute, Network, Security, Storage and Application teams.

Requirements shown: Performance; Security; Availability; Scale

Devices shown: Firewall; Application Delivery Controller; Intrusion Detection; Web Security Appliance; Web cache; Storage

Per-device configuration shown: VIRTUALIZED SERVICES (VLAN, IP, QoS, ACLs); SWITCH (VLAN, IP, QoS, ACLs); FIREWALL (Security Policy); ADC (Services, Rules)

Page 11: Cisco ACI for the Microsoft Cloud Platform

Would a Software Only Overlay Suffice?

Advantage

• Increased Agility For Virtual Devices – Faster configuration and provisioning of virtual devices

Disadvantage

• Partial Solution – Embedded support only for virtual devices

• Operational Complexity – Two networks

• No Traffic Visibility – Limited troubleshooting

• Limited Scale – Centralized gateways, sub-optimal traffic flow

Diagram labels: Physical and Virtual Resources; Overlay - Virtual Devices; Physical Resources; Two Networks; Gateway

Page 12: Cisco ACI for the Microsoft Cloud Platform

Introducing a Better Approach: Cisco Application Centric Infrastructure (ACI) – Better Together with Microsoft Cloud Platform

Page 13: Cisco ACI for the Microsoft Cloud Platform

ACI Vision: Scale, Security and Full Visibility

Enabled by physical and virtual integration: Physical Networking; Compute; L4–L7 Services; Storage; Hypervisors and Virtual Networking; Multi DC WAN and Cloud

Figure: Tenant and Application dashboard panels, each showing HEALTH SCORE (96% and 78%), LATENCY (microseconds), DROP COUNT (packets dropped) and VISIBILITY across VMs, Physical, Application Delivery Controller and Firewall.

Page 14: Cisco ACI for the Microsoft Cloud Platform

Pillars of ACI: Application Centric Policy; Open Ecosystem; ACI Fabric/Nexus 9000

Industry Leading Partnerships

Application Centric Infrastructure

Rapid Deployment of Applications onto Open Networks with Scale, Security and Full Visibility

Page 15: Cisco ACI for the Microsoft Cloud Platform

Programmable Network Enabling DevOps

Figure labels: Development; Operations; DEV OPS; DevOps Tooling; Open APIs; Optimized; Mobility; Interoperable

Roles shown: ARCHITECT; DEVELOPER; QA; NETWORK; SECURITY; STORAGE; COMPUTE

Foundation: Nexus or ACI

Tooling shown: POAP; PXE; ONIE; Linux/Python; Daemon; NXAPI

Page 16: Cisco ACI for the Microsoft Cloud Platform

Automation through Common Policy

Cisco ACI

Physical, Virtual & Containers

Open, Standards-Based & Secure

Application Centric Infrastructure

The Most Complete Solution For Our Customers

Page 17: Cisco ACI for the Microsoft Cloud Platform

Cisco ACI Complements, Enhances and/or Replaces Any Other SDN Offering

Bare Metal Applications

Virtualized Applications

Optional Software Overlay

Foundation:

Nexus or ACI

Page 18: Cisco ACI for the Microsoft Cloud Platform

Consistent – Across virtual and physical infrastructures

Open – Interoperable, API

Secure – Automated, compliant

Agile – Faster, application centric

Cisco and Microsoft together deliver:

New cloud services for tenants and their enterprise applications

A new operational model

Policy-driven infrastructure

A clear evolutionary path

Page 19: Cisco ACI for the Microsoft Cloud Platform

One Integrated Network for Physical and Virtual Resources

Diagram labels: Overlay - Virtual Devices; Physical Resources; Two Networks; Gateway

Advantage

• Highest Agility – Consistent policy across physical and virtual

• Open – Multi-hypervisor/vendor support

• Operational Efficiency – Single network

• Deep Traffic Visibility – Simplified analysis and troubleshooting

• Highly Scalable – Integrated gateways, optimized traffic flow

Page 20: Cisco ACI for the Microsoft Cloud Platform

Application Centric Policy

1. Subject Matter Experts Define Policies (Network SME, Security SME, Application SME)

2. Policies Used To Create Application Network Profile Templates

3. Automated policy configuration across the infrastructure

4. Life cycle management for day 1, day 2 operations

Infrastructure shown: Physical Networking; Hypervisors and Virtual Networking; Compute; L4–L7 Services; Storage; Multi DC WAN and Cloud

Page 21: Cisco ACI for the Microsoft Cloud Platform

Cisco ACI and Microsoft Hyper-V workflow

1. Create Application Policy

2. Push Network Profiles To The Cisco® APIC

3. Get VLANs Allocated For Each EPG

4. Create VM Networks

5. Instantiate VMs

6. Indicate EP Attach To Attached Leaf When VM Starts

7. Push Policy On Leaf Where EP Attaches

Diagram labels: Azure Pack Tenant/Admin; APIC Admin (Basic Infrastructure); Azure Pack\SPF; APIC Plugin; SCVMM Plugin; Hypervisor; OpFlex Agent; ACI Fabric; Application Network Profile (Web, App, DB, Firewall, Load Balancer); Server 1, Server 2 and Server 3 with Web, App and DB VMs

Page 22: Cisco ACI for the Microsoft Cloud Platform

Simplify Operations with Visibility: Fabric Topology

• View full fabric topology.

• Displays all spine / leaf and APIC connectivity details

Page 23: Cisco ACI for the Microsoft Cloud Platform

Simplify Operations: System Health Score

Aggregation of system-wide health, including pod health scores, tenant health scores, system fault counts by domain and type, and the APIC cluster health state.

Page 24: Cisco ACI for the Microsoft Cloud Platform

Simplify Operations: Application Health Score

Aggregation of end point group health, including:

• end points,

• contexts,

• bridge domains,

• ports,

• VLAN / VXLAN

that are relevant to that particular application health state.

Page 25: Cisco ACI for the Microsoft Cloud Platform

Troubleshooting Scenarios – Viewing the Application from EP to EP with Services

• An application behind a firewall and load balancer is having performance issues.

• The firewall and load balancers are virtual.

• The wizard quickly draws a logical topology and pinpoints a virtual port channel (VPC) issue.

Page 26: Cisco ACI for the Microsoft Cloud Platform

Troubleshooting Scenarios – Viewing the Application from EP to External IP

• An application running in the data center needs to access the outside and is having issues.

• The tool was used to see a logical topology and identify the issue, i.e. packet drops at the interface.

Page 27: Cisco ACI for the Microsoft Cloud Platform

Faster App Availability

Figure: timeline (TIME) from Service Request to Application Available, with stages ARCHITECT, DESIGN, COMPUTE, STORAGE, SECURITY and NETWORK. Application components shown: WEB; APP; DB; F/W; L/B; ADC.

Policy Automation; Application Policy Language; Common Policy Framework and Platform for All IT Teams

Teams shown: APPLICATION; COMPUTE; NETWORK; CLOUD; STORAGE; SECURITY

Page 28: Cisco ACI for the Microsoft Cloud Platform

Data Centers Built on Open Architectures

Open Source; Open Standards; Open Ecosystem; Open Interfaces

UCS; ACI; Intercloud

OpFlex; NSH; VXLAN

RESTful APIs (XML) (JSON)

Unified Compute; Nexus Data Center Switching; Application Centric Infrastructure

Integrated Solutions

Page 29: Cisco ACI for the Microsoft Cloud Platform

Hyper-Agility

Security & Governance

Biz. Insights

Security & Services

Open Infra.

Northbound Partners

APIC

Systems Management

DevOps

Analytics

Southbound Partners

Enterprise Monitoring

Orchestration Frameworks

L4-L7 Services

Fabric Attached Devices

Page 30: Cisco ACI for the Microsoft Cloud Platform

ACI Delivers Secure Multi-Tenancy at Scale

CENTRALIZED AUTOMATION

Audit, Detect, Mitigate

EMBEDDED IN ACI

INVESTMENT PROTECTION

FirePOWER Now Integrated with ACI

Validated for Deployment in PCI Compliant Networks

POLICY DRIVEN

Physical & Virtual

Automated Protection to Cover the Attack Continuum

Page 31: Cisco ACI for the Microsoft Cloud Platform

© 2014 Cisco and/or its affiliates. All rights reserved.

Compliance Driven

Threat Focused

White-List Policy

Secure Multi-Tenancy—Business Units and Applications

• Ideal for the company split

• Policy automation follows applications, not physical location

• Re-useable but separate IP address space

Sheila Jordan, CIO

Case Study:

Page 32: Cisco ACI for the Microsoft Cloud Platform

ACI Enables Segmentation Based on Business Needs

Figure: Level of Segmentation/Isolation/Visibility. Labels shown:

• Basic DC Network Segmentation: PRODUCTION POD; DMZ; SHARED SERVICES

• Segment by Application Lifecycle: DEV; TEST; PROD

• Network centric Segmentation by VLAN: VLAN 1; VXLAN 2; VLAN 3

• Per Application-tier / Service Level Micro-Segmentation: WEB; APP; DB

Page 34: Cisco ACI for the Microsoft Cloud Platform

Cisco ACI Network Provider Service Offerings

Features                  Shared Network    Tenant Private Network
Isolated Networks         ✓                 ✓
Firewall                  ✓                 ✓
Shared DHCP               ✓                 ✓
Shared Load Balancer      ✓                 ✓
Shared Services           ✓                 ✓
Public Internet Access    ✓                 ✓
Private Address Space                       ✓
Private DHCP Server                         ✓

Page 35: Cisco ACI for the Microsoft Cloud Platform

Use Cases Shared Network and Virtual Private Network

Figure: two panels, Shared Network and Tenant Private Network. Labels shown in each: Finance Tenant (WEB, APP); DevTest Tenant (WEB, APP); Shared Services Tenant (DB, MONGO DB); ACI Common services (DHCP, DNS, LB, FW). Address ranges shown: 192.168.0.0/16; 10.0.10.0/24 (shown twice).

Page 36: Cisco ACI for the Microsoft Cloud Platform

Roll the Demo – Windows Azure Pack with ACI

Page 37: Cisco ACI for the Microsoft Cloud Platform


Broad Customer Base Adopting Cisco ACI and Nexus 9K

Page 38: Cisco ACI for the Microsoft Cloud Platform

ACI Solves Real Customer Challenges

• Reduce Network Provisioning: 58%

• Reduce Management Costs: 21%

• Reduce Power and Cooling Costs: 45%

• CAPEX Reduction: 25%

• Compute and Storage Optimization: 10 – 20%

Benefit categories: Greater Business Agility; Lower Capital Expenses; Reduced Costs / Complexity; Lower Operating Cost; Resource Optimization

Page 39: Cisco ACI for the Microsoft Cloud Platform

Infrastructure TCO Savings

Figure: OPEX and CAPEX bars for Existing Infrastructure (Un-optimized), Existing Infrastructure (Optimized) and Cisco ACI; year labels 2011, 2014, 2015; callouts: 32% Savings, 41% Savings.

Page 40: Cisco ACI for the Microsoft Cloud Platform

Cisco ACI integrated with Microsoft Cloud Platform

Get Consistent Control of your Infrastructure.

Build Microsoft Cloud Data Centers on Open Architectures.

Achieve a New Level of Infrastructure agility.

Bring a Powerful Application-Centric Approach to Security.

Page 42: Cisco ACI for the Microsoft Cloud Platform

http://www.ciscolive.com/us/

Page 43: Cisco ACI for the Microsoft Cloud Platform