Deploying Cloud Network Services
d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/PSODCT-1008.pdf


Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC)

IDPSODCT-1008

Dedi Shindler - Sr. Manager Product Management

Cloud System Management Technology Group

Cisco

© 2013 Cisco and/or its affiliates. All rights reserved. IDPSODCT-1008 Cisco Public

Agenda

Trends Influencing Infrastructure Consumption

Cloud Network Management Challenges

Prime Network Services Controller (Prime NSC) Overview

Use Case: Securing the Tenant Domain

Use Case: Hybrid Cloud Service Deployment

Plans Going Forward


Trends Influencing Infrastructure Consumption

IaaS

Virtualization

SDN and Programmatic Networking


Cloud Network Management Challenges


Scaled Environments

Central Management

Multi Tenancy

Network Virtualization

Hybrid Private/Public

Programmatic Networking

New Operational Models

Service Definition

• Port profile Configuration

• Lay-out network topology

• Edge GW (FW rules, VPN, DHCP, NAT)

• Load Balancers and tenant services

Resource Allocation

• Tenant Configuration

• Allocate Compute (VMs, Memory, CPU)

• Allocate Network

• Allocate Storage

Env. Set-Up

• System Installations (Servers, FW, LB)

• Assign User Privileges

VM Mobility

e-w Traffic

Dynamic VM Creation

Different Hypervisor Networking Models

Segregation of Duties

Network segmentation

Consolidate Management

Compute/Network/Storage

Various Management Assets (EMS, Hypervisor Managers, Orchestrators)

Self-Service

Automation

Co-existence of multiple Organizations

Segment Enterprise Mission Critical Systems

SP and Enterprise co-operate service management

High Scale customer environments

New Architectures Evolve to Support Demands

Complex service configuration

WAN/Core


Prime NSC Benefits

Address cloud management networking challenges

– Network virtualization

– New operational models

– Multi-tenancy

Virtual and physical services support

Hybrid cloud management

Multi-vendor, multi-platform, multi-service

Ecosystem – integration point to northbound management & orchestration systems

SDK

– Infrastructure to support 3rd-party network services

– Increased feature customization and velocity

DHCP NAT DNS IPSec VPN Firewall Virtualization ACL OSPF Static EIGRP LB BGP IKE


Prime NSC - Vision

[Diagram: Cisco Prime Network Services Controller, Single API]

Amazon, Rackspace, Terremark

Cisco Intelligent Automation for Cloud, Cisco Cloupia

N1KV InterCloud, VSG (Zone-Based Firewall), ASA1000V (Edge Firewall), CSR1000V (L3 Router), Third-Party Device

Image Management, Policy Management, Service Configuration, System Administration, License Management

Service Chaining, Config Archive, VM Lifecycle, Change Audit, Monitoring

IP Address Management, Capacity Management, Performance Management

Multi-Hypervisor: vSphere, HyperV, KVM, Xen

OpenStack, VMware vCD, CloudStack, BMC CLM, Other


Addressing Cloud Service Deployment


• Common Model to Enable Federated Development

• Designed to Address Cloud Service Deployment Models

• API-accessible Abstraction Layer

• Part of Cisco Unified Cloud Management, Control point to Cisco architectures

• Supports Self Contained Multi-Tenant Environment

• Single Access to Virtual Services, Lowering Customers TCO

Securing the Tenant Domain


Securing the Tenant Intra Domain and Edge

• Proven Cisco® security: virtualized physical and virtual consistency

• Collaborative security model

Cisco Virtual Secure Gateway (VSG) for intra-tenant secure zones

Cisco ASA 1000V for tenant edge controls

• Transparent integration

With Cisco Nexus® 1000V Switch and Cisco vPath

• Scale flexibility to meet cloud demand

Multi-instance deployment for scale-out deployment across the data center

[Diagram labels: Tenant A, Tenant B, VDC, vApp, Hypervisor, Cisco Nexus® 1000V, Cisco vPath, Cisco® Prime Network Services Controller, Cisco VSG, Cisco ASA 1000V]


Cisco Nexus 1000V


[Diagram labels: vSphere, 1000V VEM, 1000V VSM, VM, Server, Physical Switches]

Accelerate virtualization and multi-tenant cloud deployments

Integrated into VMware vSphere hypervisor

Provides advanced virtual machine switching using .1Q switching technology

vPath and VXLAN technologies

Built on Cisco NX-OS

Provides: policy based VM connection, mobile virtual machine security and network policy, and a non-disruptive operational model


Virtual Security Gateway Virtual Firewall for Nexus 1000V


[Diagram labels: Prime NSC, Virtual Security Gateway (VSG)]

Context aware Security: VM context aware rules

Zone based Controls: Establish zones of trust

Dynamic, Agile: Policies follow vMotion

Best-in-class Architecture: Efficient, Fast, Scale-out SW

Non-Disruptive Operations: Security team manages security

Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy

Designed for Automation: XML API, security profiles


Cisco ASA 1000V Solution Features and Capabilities


Built using Cisco® ASA infrastructure

VXLAN gateway

Multi-tenant management through Cisco Prime NSC

IPsec VPN (site to site)

NAT, DHCP

Default gateway

Static routing

Stateful inspection

IP audit

Interoperability with VSG through service chaining

Hybrid Cloud Use Case


Nexus 1000V InterCloud – Building Secure Hybrid Clouds


Enterprise DC Public Cloud

Tenant B Virtual Private Cloud

Network Transparency

Secure Tunnel and Network Overlay

Customer Control

Multi-Platform (Cloud, Hypervisor, Switch)

Consistent L4-7 Network Services

Single Management Interface

Workload Mobility

Secure Multi-Tenant Environment


Hybrid Cloud Use Cases


[Diagram labels: Tenant A Virtual Private Cloud, Other Tenant VPCs, VM, Nexus 1000V, Switching, Firewall, Routing]

Seasonal Capacity, Events

Supplement/Geo-Specific Capacity

Upgrade and Migration

Disaster Recovery


Prime NSC – Hybrid Cloud Management


Enterprise DC Public Cloud

Tenant B Virtual Private Cloud

Build InterCloud Environment: Construct InterCloud environment, install and configure solution components

VM Operation: Manage day-to-day operations activities

Service Monitoring: Monitor service availability and alert on service degradation

System Management: Single place of operation supporting enterprise management standards

Management Orchestration: Integrate with internal and external management systems


Operation Overview


Instantiating InterCloud Instances

• A vCenter VM resource is moved under NSC management

• A VM that was running at Enterprise is now running at cloud on same L2 network extension

• Network admin sets up infrastructure for hybrid cloud

• Upload VM Image

• Server admin issues hybrid cloud operations

[Diagram labels: Network Administrator, Server Administrator, vCenter, NSC, VSM, N1K VEM, Management Infrastructure, InterCloud Node, InterCloud Switch, cVEM, cVSM, IC Driver, Cloud Provider, Template, Image, VM]


Cloud Bursting Use Case


Callouts (numbered 1 to 5 on the slide):

• Build Web VM image, inject InterCloud driver, and upload it to cloud

• Request to bring up or tear down Web VM(s) at cloud on demand

• Upload the VM image to cloud as a Web Gold VM image

• Bring up or tear down overlay network on demand

• Bringing up more web instances at cloud

[Diagram labels: Enterprise Data Center, Cloud Data Center, Secure Tunnel, Load Balancer, Image, Template, InterCloud Driver, IC Driver, Web, App, InterCloud Switch, cVEM, NSC, InterCloud Node]


Managing Customer Operations

[Diagram labels: APPLICATION LAYER, CONTROL LAYER, INFRASTRUCTURE LAYER; Network Services, Performance Mgmt., Advanced Security, IP Address Mgmt., Load Balancing, Disaster Recovery; API; Prime Network Services Controller; Control Data Plane Interface (e.g. OnePK); Network Device]

• Leverage control layer to deliver advanced cloud operation management

• Develop application vendor ecosystem

• Cisco as a reseller of a full stack infrastructure and management

• Take advantage of Cisco market footprint


Extensible by design

Hybrid cloud management platform via cloud plug-ins

Multi-vendor, multi-platform support via SDKs

Native hypervisor extension points

Integration point to Cisco and 3rd party orchestration and management systems

[Diagram labels: Prime Network Services Controller; Cloud Plug-In (jclouds); Cloud Providers; Virtual and Physical Services; Hypervisors; Automation & Orchestration; External SDK; Embedded FW (PA); Extension & Packaging; REST NBI; ESB (JMS)]


Key Takeaways – Prime NSC Assets

Advanced architecture addressing Cloud and Virtualization challenges

Enables new ways to consume Infrastructure

Consolidated management for virtual and physical services across private and public clouds

Supports programmatic networking by exposing functionality through XML API

Lightweight and Versatile addressing both Enterprise and SP environments
