Policy Architected Data Center - Cisco...• A ‘MetaModel’ used to define IT Services ... Cisco...


Transcript of Policy Architected Data Center - Cisco...• A ‘MetaModel’ used to define IT Services ... Cisco...

Page 1: Policy Architected Data Center - Cisco...• A ‘MetaModel’ used to define IT Services ... Cisco Data Center: Accelerate Digital Transformation 29 POLICY-Architected DATA CENTER

Policy Architected Data Center Defined by Applications. Driven by Policy. Delivered as a Service.

Marty Ma Technical Solution Architect, Data Center and Cloud Cisco Greater China xArchitecture Team


Cisco and/or its affiliates. All rights reserved. Cisco Public

Data Center and Cloud – Top Challenges Business Expectations in the Digital Era

Disruptive Business Models

Less than 1% have Optimized Cloud Strategy

Promise of Cloud Economics.

Opportunities

Mobile Social Cloud

Faster Services Rollout

Address Pace of Change

60% of data stolen within first few hours of attack

Increased Security Threats

Protect Privacy and Reputation

2X Data growth / 18 mos., Application growth / 2 years

Data and Application Explosion!

Better and Faster Decisions

Shadow IT

Cloud

DevOps

Flat IT budgets

Manage IT Change

Big Data / Analytics

Cloud-Scale Apps

New Application Architectures

Mobile Social Cloud

Securing Data Within DC and Across Clouds

Security and Compliance

Deliver IT-as-a-Service Consistently Across Public and Private Clouds

Cloud Strategy

“Bi-Modal IT”, Hybrid Clouds, Pervasive Security, Data Insights


What Is “Bi-Modal IT”?

Think Sprinter

Think Marathon Runner


“Mode 1” Apps @ “Mode 2” DC Infra = Availability Challenge

“Mode 2” Apps @ “Mode 1” DC Infra = Resource optimization & Scale Challenge

Bi-Modal IT


We Are at the Beginning of a Major Shift

Consolidation

Virtualization

IT as a Service

Hybrid Cloud

Traditional Data Center

Automation

Adoption Curve

Efficiency

Connected Experiences

Simplicity

Agility

Standardization

Distributed Cloud Data Center

The IoE Era

IaaS | PaaS | SaaS | XaaS

We are here

2000 2008 2015 The Next 5+ years


Automation != MicroManagement

Network Admin

Update Trunks

Create VLANs

Configure SAN Zoning

Create UCS Service Profiles

Create Network Policies

Server Admins

Configure Servers

Bare metal Provisioning

Setup Servers

Add VLAN to Service Profile

Create VLAN

Create Storage Resources (LUNs and Volumes)

Storage

Add vFilers to Group

Create vFilers

Create IP space

UCS Blade Power On

Create Storage Policy

Map NetApp LUN

Add Users and Groups

IT Planning

Approvals

Define Cost Models

Business Application Requirements

1 2 3 4 5 6

Challenges:

Manual processes

Complex handoffs between teams and domains

Static resource allocation

Business Outcome:

Days/weeks/months to deploy IT services

High operational cost

Rigid silos

Infrastructure inefficiency and under utilization


Would a Software Only Overlay Suffice?

• Increased Agility For Virtual Devices – Faster configuration and provisioning of virtual devices

• Partial Solution – Embedded support only for virtual devices

• Operational Complexity – Two networks

• No Traffic Visibility – Limited troubleshooting

• Limited Scale – Centralized gateways, sub-optimal traffic flow

Physical and Virtual Resources

Overlay - Virtual Devices

Physical Resources

Two Networks

Advantage

Disadvantage

Gateway


Abstraction, the Real Objective of “SDN”: How to Avoid “Death by MicroManagement”?


Infrastructure Layer with Domain Controllers

Complexity

Summary

Network Language

Business Language Domain Controller


Orchestrate the Abstraction, rather than Implementation


Physical Infrastructure Physical Infrastructure

Compute Storage Network

Infrastructure Abstraction Layer

Domain Controller (Management and Orchestration)

Policy Template

Application

Logical Architecture


Automation via Policy

On-Demand Automated Delivery

Policy-Driven Provisioning

Secure Cloud Container

VMs Compute Network Storage

Infrastructure Automation and Management

Domain Managers

OS and Virtual Machines

Storage

Network

Compute

Tenant B, Tenant C, Tenant A

Virtualized and Bare-Metal

Compute and Hypervisor

B C A

Network and Services

VM VM Bare Metal

Single Pane of Glass

End-to-End Infrastructure Automation and Lifecycle Management


Policy – what do we mean?

Compute Cloud Network

Policy Policy Policy


Topology and Orchestration Spec for Cloud Applications


• A ‘MetaModel’ used to define IT Services

• Uses a template to represent a service as a directed graph

• XML/JSON-based descriptions of each component/capability in the template provide a consistent view from the application level all the way down to infrastructure orchestration


Policy – Empowers Cohesiveness as DC Infrastructure Evolves


2009 2014 2008

Consolidation Virtualization Automation Enabling the Intercloud

LAN SAN

Network

Compute Storage Access Network

Apps Policy

Today

RAPID APPLICATION EVOLUTION

UCS

ACI

Nexus

Hybrid Cloud

Policy


Policy – Linking the Application Language to Infrastructure


Network Language

Compute Language

Security Language

Application Language

• Multi-Tier / DevOps

• Security & Compliance

• SLA

• Performance

• Compliance

• High-Availability

Decouple Application AND Policy from underlying infrastructure

Infrastructure

Common Policy

App Network Profile

UCS Service Profile


Cisco ACI The Most Complete Solution for Our Customers


Automation through Common Policy

Physical, Virtual & Containers

Open, Standards-Based & Secure

Application Centric Infrastructure


Cisco ACI Complements, Enhances, and/or Replaces Any SDN Offering


Bare Metal Applications

Virtualized Applications

Optional Software Overlay

Foundation: Nexus or ACI


Pillars of ACI Rapid Deployment of Application onto Open Networks with Scale, Security, and Full Visibility


Industry Leading Partnerships

Application Centric Policy

Open Ecosystem

ACI Fabric/Nexus 9000

Application Centric Infrastructure


Application Centric Infrastructure Fabric


“Users” “Files”

ACI Fabric

Logical Endpoint Groups by Role

Heterogeneous clients, servers, external clouds; fabric controls communication

Every device is one hop away, microsecond latency, no power or port availability constraints, ease of scaling

Flexible Insertion

ACI Controller manages all participating devices, change control and audit capabilities

Unified Management and Visibility

Fabric Port Services

Hardware filtering and bridging; default gateway; seamless service insertion, “service farm” aggregation

Flat Hardware Accelerated Network

Full abstraction, de-coupled from VLANs and Dynamic Routing, low latency, built-in QoS


Application Centric Policy

1 Subject Matter Experts Define Policies

Network SME

Security SME

Application SME

2 Policies Used To Create Application Network Profile Templates

3 Automated policy configuration across the infrastructure

4 Life cycle management for day 1, day 2 operations

Multi DC WAN and Cloud

Storage

L4–L7 Services

Compute

Physical Networking

Hypervisors and Virtual Networking


ACI Vision: Scale, Security, and Full Visibility

Physical Networking

Compute L4–L7 Services

Storage Hypervisors and Virtual Networking

Multi DC WAN and Cloud

Enabled by physical and virtual integration

Tenant Application



Open Enables Choices and Investment Protection

Hyper-Agility

Security & Governance

Biz. Insights

Security & Services

Open Infra.

Northbound Partners

APIC

Systems Management

DevOps

Analytics

Southbound Partners

Enterprise Monitoring

Orchestration Frameworks

L4-L7 Services

Fabric Attached Devices


Data Centers Built on Open Architectures

Open Source

UCS ACI Intercloud

OpFlex NSH VXLAN

RESTful APIs (XML) (JSON)

Open Standards

Open Ecosystem Open Interfaces


An Open Ecosystem Approach



ACI Delivers Secure Multi-Tenancy at Scale Automated Protection to Cover the Attack Continuum

CENTRALIZED AUTOMATION

Audit, Detect, Mitigate

EMBEDDED IN ACI INVESTMENT PROTECTION

FirePOWER Now Integrated with ACI

Validated for Deployment in PCI Compliant Networks

POLICY DRIVEN

Physical & Virtual


ACI Enables Segmentation Based on Business Needs


Level of Segmentation/Isolation/Visibility

VLAN 1 VXLAN 2 VLAN 3

Network centric Segmentation by VLAN

DEV TEST PROD

Segment by Application Lifecycle

PRODUCTION POD

DMZ

SHARED SERVICES

Basic DC Network Segmentation

Per Application-tier / Service Level Micro-Segmentation

WEB APP DB


Cisco Policy Architected Data Center



Cisco Data Center: Accelerate Digital Transformation


POLICY-Architected DATA CENTER

Intercloud Ready: Get Secure Workload Mobility with Any Cloud

APP

Edge Ready: Bring Your Data Center Closer to IoE/IoT, Remote Branches with Distributed Analytics

Optimized for Bi-Modal IT Automated | Simple | Secure

Network and Policy Drive the End-to-End Digital Experience
