Transcript of: Deploying Cloud Network Services
Source: d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/PSODCT-1008.pdf
Deploying Cloud Network Services: Prime Network Services Controller (formerly VNMC)
Session ID PSODCT-1008
Dedi Shindler - Sr. Manager Product Management
Cloud System Management Technology Group
Cisco
© 2013 Cisco and/or its affiliates. All rights reserved. IDPSODCT-1008 Cisco Public
Agenda
Trends Influencing Infrastructure Consumption
Cloud Network Management Challenges
Prime Network Services Controller (Prime NSC) Overview
Use Case: Securing the Tenant Domain
Use Case: Hybrid Cloud Service Deployment
Plans Going Forward
Trends Influencing Infrastructure Consumption
IaaS
Virtualization
SDN and Programmatic Networking
Cloud Network Management Challenges
Scaled Environments
Central Management
Multi Tenancy
Network Virtualization
Hybrid Private/Public
Programmatic Networking
New Operational Models:
Service Definition
• Port profile configuration
• Lay out network topology
• Edge GW (FW rules, VPN, DHCP, NAT)
• Load balancers and tenant services
Resource Allocation
• Tenant configuration
• Allocate compute (VMs, memory, CPU)
• Allocate network
• Allocate storage
Env. Set-Up
• System installations (servers, FW, LB)
• Assign user privileges
Related challenges shown on the slide: VM mobility; E-W (east-west) traffic; dynamic VM creation; different hypervisor networking models; segregation of duties; network segmentation; consolidated management of compute/network/storage; various management assets (EMS, hypervisor managers, orchestrators); self-service; automation; co-existence of multiple organizations; segmenting enterprise mission-critical systems; SP and enterprise co-operating on service management; high-scale customer environments; new architectures evolving to support demands; complex service configuration; WAN/core.
Prime NSC Benefits
Address cloud management networking challenges
– Network virtualization
– New operational models
– Multi-tenancy
Virtual and physical services support
Hybrid cloud management
Multi-vendor, multi-platform, multi-service
Ecosystem – integration point to northbound management & orchestration systems
SDK
– Infrastructure to support 3rd-party network services
– Increased feature customization and velocity
Services shown on the slide: DHCP, NAT, DNS, IPsec VPN, IKE, Firewall, ACL, Static routing, OSPF, EIGRP, BGP, LB, Virtualization
Prime NSC - Vision
[Architecture diagram: Cisco Prime Network Services Controller at the centre, exposing a single API]
Cloud providers: Amazon, Rackspace, Terramark
Management and orchestration systems: Cisco Intelligent Automation for Cloud, Cisco Cloupia, OpenStack, VMware vCD, CloudStack, BMC CLM, Other
Managed services: N1KV InterCloud, VSG (Zone-Based Firewall), ASA1000V (Edge Firewall), CSR1000V (L3 Router), Third-Party Device
Prime NSC functions: Image Management, Policy Management, Service Configuration, System Administration, License Management, Service Chaining, Config Archive, VM Lifecycle, Change Audit, Monitoring, IP Address Management, Capacity Management, Performance Management
Multi-Hypervisor: vSphere, HyperV, KVM, Xen
Addressing Cloud Service Deployment
• Common model to enable federated development
• Designed to address cloud service deployment models
• API-accessible abstraction layer
• Part of Cisco Unified Cloud Management, control point to Cisco architectures
• Supports self-contained multi-tenant environment
• Single access to virtual services, lowering customers' TCO
Securing the Tenant Intra Domain and Edge
• Proven Cisco® security: virtualized physical and virtual consistency
• Collaborative security model
– Cisco Virtual Secure Gateway (VSG) for intra-tenant secure zones
– Cisco ASA 1000V for tenant edge controls
• Transparent integration with Cisco Nexus® 1000V Switch and Cisco vPath
• Scale flexibility to meet cloud demand
– Multi-instance deployment for scale-out deployment across the data center
[Diagram: Tenant A and Tenant B VDCs with vApps on a hypervisor running Cisco Nexus® 1000V and Cisco vPath; multiple Cisco VSG and Cisco ASA 1000V instances, all managed by Cisco® Prime Network Services Controller]
Cisco Nexus 1000V
[Diagram: vSphere server hosting VMs on the Nexus 1000V VEM, a 1000V VSM, and the physical switches the server connects to]
Accelerate virtualization and multi-tenant cloud deployments
Integrated into the VMware vSphere hypervisor
Provides advanced virtual machine switching using 802.1Q switching technology
vPath and VXLAN technologies
Built on Cisco NX-OS
Provides: policy based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model
Virtual Security Gateway Virtual Firewall for Nexus 1000V
[Diagram: Prime NSC managing the Virtual Security Gateway (VSG)]
• Context aware security: VM context aware rules
• Zone based controls: establish zones of trust
• Dynamic, agile: policies follow vMotion
• Best-in-class architecture: efficient, fast, scale-out SW
• Non-disruptive operations: security team manages security
• Policy based administration: central mgmt, scalable deployment, multi-tenancy
• Designed for automation: XML API, security profiles
Cisco ASA 1000V Solution Features and Capabilities
Built using Cisco® ASA infrastructure
VXLAN gateway
Multi-tenant management through Cisco Prime NSC
IPsec VPN (site to site)
NAT, DHCP
Default gateway
Static routing
Stateful inspection
IP audit
Interoperability with VSG through service chaining
Nexus 1000V InterCloud – Building Secure Hybrid Clouds
[Diagram: Enterprise DC connected to a Tenant B Virtual Private Cloud in the Public Cloud]
Network Transparency
Secure Tunnel and Network Overlay
Customer Control
Multi-Platform (Cloud, Hypervisor, Switch)
Consistent L4-7 Network Services
Single Management Interface
Workload Mobility
Secure Multi-Tenant Environment
Hybrid Cloud Use Cases
[Diagram: Tenant A Virtual Private Cloud with VMs, Nexus 1000V switching, firewall and routing, alongside other tenant VPCs]
Seasonal Capacity, Events
Supplement/Geo-Specific Capacity
Upgrade and Migration
Disaster Recovery
Prime NSC – Hybrid Cloud Management
[Diagram: Enterprise DC and a Tenant B Virtual Private Cloud in the Public Cloud]
Build InterCloud Environment – Construct InterCloud environment, install and configure solution components
VM Operation – Manage day-to-day operations activities
Service Monitoring – Monitor service availability and alert on service degradation
System Management – Single place of operation supporting enterprise management standards
Management Orchestration – Integrate with internal and external management systems
Operation Overview
Instantiating InterCloud Instances
[Diagram: on the enterprise side, vCenter, NSC and the VSM form the management infrastructure, with VMs on the N1K VEM; a vCenter VM resource is moved under NSC management. On the cloud provider side, an InterCloud Node, an InterCloud Switch (cVEM), a cVSM, and uploaded templates and images carrying the VM IC Driver. A VM that was running at the Enterprise is now running at the cloud on the same L2 network extension.]
Network admin sets up infrastructure for hybrid cloud; the VM image is uploaded; server admin issues hybrid cloud operations.
Cloud Bursting Use Case
[Diagram: Enterprise Data Center connected to a Cloud Data Center over a Secure Tunnel. Shown: Load Balancer, Web and App VMs, Web VMs with IC Driver, an Image Template with InterCloud Driver, InterCloud Switch (cVEM), Intercloud Node, and NSC]
Steps shown on the diagram (numbered 1 to 5 in the original):
• Build Web VM image, inject InterCloud driver, and upload it to cloud
• Upload the VM image to cloud as a Web Gold VM image
• Request to bring up or tear down Web VM(s) at cloud on demand
• Bring up or tear down overlay network on demand
• Bringing up more web instances at cloud
Managing Customer Operations
[Diagram: three layers. Infrastructure layer: network devices. Control layer: Prime Network Services Controller, with a control/data plane interface (e.g. OnePK) to the devices. Application layer, reached through the API: Network Services Performance Mgmt., Advanced Security, IP Address Mgmt., Load Balancing, Disaster Recovery]
• Leverage control layer to deliver advanced cloud operation management
• Develop application vendor ecosystem
• Cisco as a reseller of a full stack infrastructure and management
• Take advantage of Cisco market footprint
Extensible by design
Hybrid cloud management platform via cloud plug-ins
Multi-vendor, multi-platform support via SDKs
Native hypervisor extension points
Integration point to Cisco and 3rd party orchestration and management systems
[Diagram: Prime Network Services Controller connected to Cloud Providers via a Cloud Plug-In (jclouds), and to Virtual and Physical Services, Hypervisors, and Automation & Orchestration; Extension & Packaging via External SDK and Embedded FW (PA); interfaces: Rest NBI, ESB (JMS)]
Key Takeaways – Prime NSC Assets
Advanced architecture addressing Cloud and Virtualization challenges
Enables new ways to consume Infrastructure
Consolidated management for virtual and physical services across private and public clouds
Supports programmatic networking by exposing functionality through XML API
Lightweight and Versatile addressing both Enterprise and SP environments